Command Reference 4.1

Redline Networks
Command Line Reference

for Version 4.1
Copyright 2005 Redline Networks, Inc.

Redline Networks and The Redline Symbol are registered trademarks of Redline Networks, Inc.
Deploy and Enjoy, 3G Cache, OverDrive, E|X and T|X are trademarks of Redline Networks,
Inc. All rights reserved.
Outlook Web Access (OWA) is a registered trademark of Microsoft Corporation. All other
products and services mentioned in this publication are the trademarks, service marks, registered trademarks, or registered servicemarks of their respective owners.
Document Version: 1.04
Redline Networks
655 Campbell Technology Parkway #250
Campbell, CA 95008
+1 408.369.3800
www.RedlineNetworks.com
REDLINE NETWORKS :: Command Line Reference
About This Document

This manual provides a complete reference for the Web I/O Accelerator Command Set. This
document applies to all E|X Enterprise Application Processor and T|X Web I/O Processor product models. Where differences exist between the commands available in the E|X product vs. the
T|X product, these differences are explicitly called out.
Audience
This document assumes that the reader has knowledge of the network architecture or topology
in which the Redline Networks' E|X or T|X will be installed. This documentation is intended
for network engineers, web operations engineers, IT professionals and system administrators
who have experience with the following:
Installing, configuring and administering network equipment
Managing web traffic and connectivity
Conventions
The following conventions were used in this manual:
Notation
Example
Meaning and Use
Courier typeface
.ini file
Code Listings, names of files, symbols, and directories, are shown in Courier typeface.
Bold Courier
typeface
install
In a command line, keywords are shown in

bold, non-italic, Courier typeface. Enter them
exactly as shown.
Italics
Note:
Notes about the subject are shown with a header in italics.
Bold Italics
Important:
Important information about the subject is

shows with the header in bold Italics. This information should not be ignored.
Square Brackets
[version]
You may, but need not, select one item

enclosed within brackets. Do not enter the
brackets.
Angle Brackets
<username>
You must provide the information enclosed

within brackets. Do not enter the brackets.
Bar
les | les.out
You may select one (but not more than one)

item from a list separated by bars. Do not enter
the bars.
When computer output listings are shown, an effort has been made not to break up the lines
when at all possible. This is to improve the clarity of the printout; for this reason, some listings
will be indented, and others will start at the left edge of the column.
REDLINE NETWORKS :: Command Line Reference |
Table of Contents
About This Document .......................................................................................... 3
Audience .............................................................................................................. 3
Conventions ......................................................................................................... 3
Table of Contents ................................................................................. 5

List of Tables ...................................................................................... 11
Chapter 1. Introduction ..................................................................... 15
Tips for Help on Commands .............................................................................. 15
Notes on Set Commands .................................................................................... 16
Cluster, Redirector, and Forwarder Naming Conventions ................................ 17
Optional Features ............................................................................................... 18
Web Interface for Web I/O Accelerator ............................................................. 18
Chapter 2. Administrative Rights ..................................................... 21

Access Classes ................................................................................................... 21
Passwords ........................................................................................................... 22
Roles .................................................................................................................. 22
Administrative Management .............................................................................. 23
Chapter 3. Command Reference ....................................................... 25

add ...................................................................................................................... 25
add route ............................................................................................................ 28
add user .............................................................................................................. 29
capture ................................................................................................................ 31
clear activen ....................................................................................................... 34
clear admin ......................................................................................................... 35
clear authentication cache .................................................................................. 37
clear cache .......................................................................................................... 38
clear cluster <name> .......................................................................................... 39
clear cluster <name> listen ssl ........................................................................... 42
clear dns server .................................................................................................. 44
clear forwarder <name> ..................................................................................... 45
clear health remotehost ...................................................................................... 47
clear log .............................................................................................................. 48
clear ntp server ................................................................................................... 49
clear redirector <name> ..................................................................................... 50
clear server ......................................................................................................... 52
clear slb .............................................................................................................. 53
clear sync group <name> ................................................................................... 54
clear user ............................................................................................................ 55
clear vlan ............................................................................................................ 57
cls ...................................................................................................................... 58
configure ............................................................................................................ 59
copy .................................................................................................................... 60
delete .................................................................................................................. 63
display ................................................................................................................ 66
exit ..................................................................................................................... 68
export ................................................................................................................. 69
gen ...................................................................................................................... 71
halt ..................................................................................................................... 73
help ..................................................................................................................... 74
history ................................................................................................................ 76
import ................................................................................................................. 77
install .................................................................................................................. 79
list ...................................................................................................................... 84
ping .................................................................................................................... 85
quit ..................................................................................................................... 86
reboot ................................................................................................................. 87
reload ................................................................................................................. 88
reset config ......................................................................................................... 89
set activen .......................................................................................................... 90
set admin audit ................................................................................................... 94
set admin cli ....................................................................................................... 95
set admin email .................................................................................................. 96
set admin interface ............................................................................................. 97
set admin log ...................................................................................................... 98
set admin netmask ............................................................................................ 100
set admin scp .................................................................................................... 101
set admin snmp ................................................................................................ 102
set admin snmp trap ......................................................................................... 104
set admin soap .................................................................................................. 106
set admin ssh .................................................................................................... 107
set admin syslog ............................................................................................... 108
set admin tcpdump ........................................................................................... 110
set admin telnet ................................................................................................ 112
set admin tftp ................................................................................................... 113
set admin tsdump ............................................................................................. 114
set admin upgrade ............................................................................................ 116
set admin vip .................................................................................................... 118
set admin webui ............................................................................................... 119
set boot ............................................................................................................. 121
set cache <name> ............................................................................................. 122
set clock ........................................................................................................... 123
set cluster <name> aaa audit ............................................................................ 124
set cluster <name> aaa authentication ............................................................. 125
set cluster <name> apprule .............................................................................. 128
set cluster <name> cache ................................................................................. 130
set cluster <name> connbind ........................................................................... 131

set cluster <name> convert302protocol ........................................................... 132
set cluster <name> description ........................................................................ 133
set cluster <name> dsr ..................................................................................... 134
set cluster <name> health ................................................................................ 135
set cluster <name> listen .................................................................................. 137
set cluster <name> listen ssl ............................................................................ 139
set cluster <name> listen ssl clientauth ............................................................ 141
set cluster <name> name .................................................................................. 143
set cluster <name> owa .................................................................................... 144
set cluster <name> stats history ....................................................................... 145
set cluster <name> sticky ................................................................................. 146
set cluster <name> target ................................................................................. 148
set cluster <name> target ssl ............................................................................ 150
set cluster <name> target tune ......................................................................... 152
set cluster <name> transparency ...................................................................... 155
set cluster <name> weblog .............................................................................. 157
set cluster <name> weblog batch ..................................................................... 160
set dns .............................................................................................................. 162
set ether n ......................................................................................................... 163
set forwarder <name> ...................................................................................... 165
set forwarder <name> listen ssl ....................................................................... 167
set forwarder <name> target ssl ....................................................................... 170
set health remotehost ....................................................................................... 172
set hostname ..................................................................................................... 173
set ntp ............................................................................................................... 174
set password ..................................................................................................... 175
set redirector <name> ...................................................................................... 176
set redirector <name> listen ............................................................................. 178
set redirector <name> listen ssl ....................................................................... 179
set route ............................................................................................................ 182
set server .......................................................................................................... 183
set server failover ............................................................................................. 185
set server reversepath ....................................................................................... 186
set slb ............................................................................................................... 187
set sync group <name> .................................................................................... 192
set timezone ..................................................................................................... 193
set user <name> ............................................................................................... 196
set vlan ............................................................................................................. 198
show activen .................................................................................................... 199
show admin ...................................................................................................... 202
show admin audit ............................................................................................. 204
show admin cli ................................................................................................. 205
show admin email ............................................................................................ 206
show admin interface ....................................................................................... 207
show admin log ................................................................................................ 208
show admin netmask ........................................................................................ 209

show admin scp ................................................................................................ 210
show admin snmp ............................................................................................ 211
show admin snmp trap ..................................................................................... 213
show admin soap .............................................................................................. 215
show admin ssh ................................................................................................ 216
show admin syslog ........................................................................................... 217
show admin tcpdump ....................................................................................... 218
show admin telnet ............................................................................................ 219
show admin tftp ............................................................................................... 220
show admin tsdump ......................................................................................... 221
show admin upgrade ........................................................................................ 222
show admin vip ................................................................................................ 223
show admin webui ........................................................................................... 224
show arp ........................................................................................................... 226
show authentication ......................................................................................... 227
show boot ......................................................................................................... 228
show cache ....................................................................................................... 229
show capacity <seconds> ................................................................................. 231
show clock ....................................................................................................... 232
show cluster <name> ....................................................................................... 233
show cluster <name> apprule .......................................................................... 246
show cluster <name> listen ssl ........................................................................ 247
show cluster <name> listen ssl clientauth ........................................................ 249
show cluster <name | all> stats ........................................................................ 251
show cluster <name | all> stats history ............................................................ 253
show cluster <name> target host <ip:port | all> stats ...................................... 257
show cluster <name> target host <ip:port | all> stats history .......................... 258
show cluster <name> target ssl ........................................................................ 260
show commands ............................................................................................... 262
show config ...................................................................................................... 263
show dashboard ................................................................................................ 266
show dns .......................................................................................................... 268
show ether n ..................................................................................................... 269
show file ........................................................................................................... 271
show flash ........................................................................................................ 272
show floatingvip .............................................................................................. 273
show forwarder <name | all> ........................................................................... 274
show forwarder <name> target host [M | all] stats .......................................... 276
show health remotehost ................................................................................... 277
show hostname ................................................................................................. 278
show license ..................................................................................................... 279
show log ........................................................................................................... 281
show loginbanner ............................................................................................. 282
show netstat ...................................................................................................... 283
show ntp ........................................................................................................... 287
show ntpq ......................................................................................................... 288

show redirector <name> .................................................................................. 289
show redirector <name> listen ssl ................................................................... 291
show route ........................................................................................................ 293
show server ...................................................................................................... 294
show server stats .............................................................................................. 296
show server stats history .................................................................................. 298
show slb ........................................................................................................... 301
show support .................................................................................................... 305
show sync group <name> ................................................................................ 306
show tcpdump .................................................................................................. 307
show timezone ................................................................................................. 308
show traceroute ................................................................................................ 309
show ua ............................................................................................................ 310
show user ......................................................................................................... 311
show version .................................................................................................... 313
show vlan ......................................................................................................... 314
ssldump ............................................................................................................ 315
synchronize group <name> .............................................................................. 316
tcpdump ........................................................................................................... 317
tsdump .............................................................................................................. 319
wall ................................................................................................................... 320
who ................................................................................................................... 321
whoami ............................................................................................................. 322
write ................................................................................................................. 323
Appendix A. Glossary....................................................................... 325

Appendix B. List of Events .............................................................. 331
EMERG Events ................................................................................................ 331
ALERT Events ................................................................................................. 331
Appendix C. Cipher Suites............................................................... 335
10
List of Tables
Optional Features ...................................................................................................... 18
add Options ............................................................................................................... 25
add user Options ....................................................................................................... 29
capture Options ......................................................................................................... 31
clear activen Options ............................................................................................... 34
clear admin Options ................................................................................................. 35
clear authentication Options ..................................................................................... 37
clear cache <name> Options..................................................................................... 38
clear cluster <name> Options ................................................................................... 39
clear cluster <name> listen ssl clientauth Options.................................................... 42
clear dns server Options............................................................................................ 44
clear forwarder <name> Options .............................................................................. 45
clear health remotehost Options ............................................................................... 47
clear log Options ....................................................................................................... 48
clear ntp server Options ............................................................................................ 49
clear redirector <name> Options .............................................................................. 50
clear server Options .................................................................................................. 52
clear slb Options ....................................................................................................... 53
clear user Options ..................................................................................................... 55
clear vlan Options ..................................................................................................... 57
copy Options ............................................................................................................. 60
delete Options ........................................................................................................... 63
display Options ......................................................................................................... 66
export Options........................................................................................................... 69
gen Options ............................................................................................................... 71
help Available Commands........................................................................................ 74
import Options .......................................................................................................... 77
list Options ................................................................................................................ 84
set activen Options.................................................................................................... 90
set admin audit Options ............................................................................................ 94
set admin cli Options ................................................................................................ 95
set admin email Options ........................................................................................... 96
set admin interface Options ...................................................................................... 97
set admin log Options ............................................................................................... 98
set admin scp options .............................................................................................. 101
set admin snmp Options.......................................................................................... 102
set admin snmp trap Options .................................................................................. 104
set admin soap Options ........................................................................................... 106
set admin ssh Options ............................................................................................. 107
set admin syslog Options ........................................................................................ 108
set admin tcp dump Options ................................................................................... 110
set admin telnet Options ......................................................................................... 112
11
set admin tftp Options............................................................................................. 113

set admin tsdump Options....................................................................................... 114
set admin upgrade Options ..................................................................................... 116
set admin webui Options......................................................................................... 119
set boot Options ...................................................................................................... 121
set cache <name> Options ...................................................................................... 122
set clock Option ...................................................................................................... 123
set cluster <name> aaa audit Options ..................................................................... 124
set cluster <name> aaa authentication Options....................................................... 125
set cluster <name> apprule Options........................................................................ 128
set cluster <name> cache Options .......................................................................... 130
set cluster <name> connbind Options..................................................................... 131
set cluster <name> convert302protocol Options .................................................... 132
set cluster <name> description Options.................................................................. 133
set cluster <name> dsr Options............................................................................... 134
set cluster <name> health Options.......................................................................... 135
set cluster <name> listen Options........................................................................... 137
set cluster <name> listen ssl Options...................................................................... 139
set cluster <name> listen ssl clientauth Options..................................................... 141
set cluster <name> name Option ............................................................................ 143
set cluster <name> owa Option .............................................................................. 144
set cluster <name> stats history Option.................................................................. 145
Set Cluster <name> Sticky Options........................................................................ 146
set cluster <name> target Options .......................................................................... 148
set cluster <name> target ssl Options ..................................................................... 150
Target Application Tune Options ........................................................................... 152
Target Web Server Tuning Options........................................................................ 153
NTLM Authentication Tuning Options .................................................................. 153
set cluster <name> transparency Options ............................................................... 155
set cluster <name> weblog Options........................................................................ 157
Web Log Field Definitions ..................................................................................... 158
set cluster <name> weblog batch Options .............................................................. 160
set dns Options........................................................................................................ 162
set ether n Options .................................................................................................. 163
set forwarder <name> Options ............................................................................... 165
set forwarder <name> listen ssl Options................................................................. 167
set forwarder <name> target ssl Options ................................................................ 170
set health remotehost Options................................................................................. 172
set hostname Option................................................................................................ 173
set ntp Options ........................................................................................................ 174
set password Option................................................................................................ 175
set redirector <name> Options................................................................................ 176
set redirector <name> listen Options ...................................................................... 178
set redirector <name> listen ssl Options................................................................. 179
set route Option....................................................................................................... 182
set server Options.................................................................................................... 183
12
Range of Simultaneous Connections ...................................................................... 184

set server failover Options ...................................................................................... 185
set server reversepath Options ................................................................................ 186
set slb Options......................................................................................................... 187
set sync group <name> Options.............................................................................. 192
set time zone Option ............................................................................................... 193
Time Zones ............................................................................................................. 193
set user name Options ............................................................................................. 196
set vlan Options ...................................................................................................... 198
show activen Options.............................................................................................. 199
activen Statistics ..................................................................................................... 200
show admin Options ............................................................................................... 202
show admin audit Option ........................................................................................ 204
show admin cli Option ............................................................................................ 205
show admin scp Options ......................................................................................... 210
show admin snmp Options...................................................................................... 211
show admin snmp trap Options .............................................................................. 213
show admin soap Options ....................................................................................... 215
show admin ssh Options ......................................................................................... 216
show admin syslog Options .................................................................................... 217
show admin tcpdump Options ................................................................................ 218
show admin telnet Options ..................................................................................... 219
show admin tsdump Options................................................................................... 221
show admin upgrade Options ................................................................................. 222
show admin webui Options..................................................................................... 224
show authentication cache Options......................................................................... 227
show cache <name> Options .................................................................................. 229
show cluster <name> Options................................................................................. 233
Notes on Number of Connections........................................................................... 239
show cluster <name> apprule Options.................................................................... 246
show cluster <name> listen ssl Options.................................................................. 247
show cluster <name> listen ssl clientauth Options................................................. 249
show cluster <name | all> stats Options.................................................................. 251
show cluster <name | all > stats history Options .................................................... 253
Browsers ................................................................................................................. 254
Methods .................................................................................................................. 255
Request Errors......................................................................................................... 255
Request Version ...................................................................................................... 255
Content Types ......................................................................................................... 256
show cluster <name> target host <ip:port | all> stats Options................................ 257
show cluster <name | all > target host <ip:port | all> stats history Options............ 258
show cluster <name> target ssl Options ................................................................. 260
show dns Options.................................................................................................... 268
show ether n Options .............................................................................................. 269
show file Option...................................................................................................... 271
show forwarder <name> Options ........................................................................... 274
13
show health remotehost Options............................................................................. 277

show license Options .............................................................................................. 279
show log Options .................................................................................................... 281
show netstat Options ............................................................................................... 283
show ntp Options .................................................................................................... 287
show redirector <name> Options............................................................................ 289
show redirector <name> listen ssl Options............................................................. 291
show server Options................................................................................................ 294
show server stats Options ....................................................................................... 296
show server stats history Options ........................................................................... 298
show slb command Options .................................................................................... 301
show slb command Permutations ........................................................................... 301
show sync group Options........................................................................................ 306
show time zone Options.......................................................................................... 308
show user Options................................................................................................... 311
show vlan Options .................................................................................................. 314
tcpdump Options..................................................................................................... 317
write Option ............................................................................................................ 323
EMERG Events Messages ...................................................................................... 331
ALERT Events Messages ....................................................................................... 331
SSL Cipher Suites ................................................................................................... 335
14
Chapter 1. Introduction
Chapter 1.
Introduction
This manual provides a complete reference for the Command Line interface. Commands are
provided alphabetically in UNIX Manual (man) page format, and each man page has the
following sections:
Purpose: the reason for using the command
Options: all options under this command
Notes: the context for using the commands and references to other commands that may be
related
Examples: annotated examples
At the back of the manual are three appendices:
Appendix A: Glossary
Appendix B: List of Events
Appendix C: Cipher Suites
For additional information regarding the context and usage of the command set, see the T|X Web
I/O Processor Installation and Administration Guide or the E|X Enterprise Application
Processor Installation and Administration Guide.
Note: The T|X Web I/O Processor and the E|X Enterprise Application Processor are
collectively referred to as the appliance in this manual.
Tips for Help on Commands

The help command can be used to find syntax and/or a brief explanation of each command
(refer to help on page 74).
The show commands command provides a hierarchical list of all commands.
Typing a command with an incomplete argument followed by the tab key will provide a list of
valid options for that command.
15
Notes on Set Commands

In general, set commands are divided into two groups.
One group of set commands takes effect only after an explicit write operation.
The other group of set commands will take effect immediately after the set command is
entered. These are the commands that change the state of the appliance:
Adding and removing users
Setting user parameters
Setting the appliance up or down
Setting the Telnet service up or down
Setting the Secure Socket Shell (ssh) service up or down
Setting the Web User Interface (WebUI) service up or down
Setting the SNMP service up or down
Setting the administrative password for the appliance
Setting the SOAP server up or down
Setting ActiveN enabled or disabled
Setting the Serverl load Balancer (SLB) enabled or disabled
After using the set and clear commands to make changes you will see the (*) prefix at the
command line prompt. This indicates that configuration settings have been changed, but that
the changes have not yet been saved. With the exception of a few commands, changes do not
take effect and are not saved until you enter the write command.
To apply and save the configuration changes, enter the command:
ex% write
If you have not yet entered the command write, you can revert to the configuration settings
that existed before changes were made by entering the command:
ex% reload
Set commands that control the state of the E|XT|X unit take effect immediately without use of
the write command. These are:
set server [ up | down ]

set admin ssh [ up | down ]
set admin telnet [ up | down ]
set admin webui [ up | down ]
set admin snmp [ up | down ]
Note: If you wish to preserve the configuration so that it becomes active again on the next bootup, you must follow these set command with a write command.
16
Cluster, Redirector, and Forwarder Naming Conventions

This feature allows you to name a cluster, redirector, or forwarder (Cluster in its general
sense) to enhance the usability of the T|X and the E|X. A default name will be assigned when a
name is not provided. It will be most useful for medium to large customers that have multiple
Clusters and need easier identification (e.g., meaningful identifier instead of a number) for ease
of management. In addition, this feature solves the problem of Cluster renumbering when a
Cluster is deleted.
You can name a cluster, redirector, or forwarder at creation or after it is created. You can also
rename an existing cluster, redirector, or forwarder. Names are subject to these restrictions:
Names can be up to 32 characters long.
The strings all, cache, and NULL are reserved names and must not be used as a
cluster name.
Names are case-sensitive, except for the reserved names all, cache, and NULL.
No variations of these words can be used.
Names can be any valid character string and may be integer-only. Valid characters are:
@;$^&*()=+!<>,[]/_.+-0123456789
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
The name cannot contain white space.
When a cluster, redirector, or forwarder is created without a name specified, a name is automatically created. The name for this unnamed Cluster follows the previous behavior as
much as possible. Configuration exports from previous releases contain the number of the
cluster in the add command, and the remaining Cluster configuration commands in the export depend upon the implied identifier of 1,2,3, . . . Using the next available integer as
the implied name for a Cluster mimics the behavior in previous releases. This way, imports of configurations from previous releases continue to function.
You can not create a new cluster, redirector, or forwarder if the specified name is already
in use. The name space that is considered for name collisions is limited to the type of cluster being added, e.g., when adding a redirector, the appliance will only examine the names
of other redirectors for collisions. This allows a cluster, forwarder, and redirector to all
share a name of 1. This is needed for backwards compatibility.
All references to cluster, redirector, and forwarder use a name instead of a numbered index. The ability to refer to a cluster by index will no longer be supported.
Examples are:
% set cluster <N> ' becomes '% set cluster <name>
% show cluster <N> ' becomes '% show cluster <name>
% delete cluster <N> ' becomes '% delete cluster <name>
% set redirector <N> ' becomes '% set redirector <name>
% show redirector <N> ' becomes '% show redirector <name>
% delete redirector <N> ' becomes '% delete redirector <name>
% set forwarder <N> ' becomes '% set forwarder <name>
% show forwarder <N> ' becomes '% show forwarder <name>
% delete forwarder <N> ' becomes '% delete forwarder <name>
17
Integer-only names are assigned when no name is specified. The next available lowest integer is used for the assigned names. Example: if you add four clusters without names, the
clusters 1, 2, 3, and 4 will be created. If you then delete cluster 2, the remaining
clusters names will not change, leaving clusters 1, 3, and 4. If you then add another
cluster without a specified name, the assigned name will be 2 since this is the next lowest available integer. This is referred to as filling the holes, and is different from the previous behavior where after deleting cluster 2, the cluster numbers collapsed leaving
clusters 1, 2, and 3, and the new cluster's number would then be 4. This is because
all clusters are now referred to by name instead of index.
The cluster name is included as part of the add command on a configuration export.
The sort order for display of clusters (including tab completion) mimics sort -n behavior. This sorts the names according to arithmetic value for any and all leading numeric values in a name. Example: 23www will be listed before 3abc, and 9 will be listed before 11.
As an additional assistance for identification and purpose of clusters, redirectors, and
forwarders, a description can be applied to individual Clusters. This description is limited to
512 characters and is expected to be free-form text but may not include newlines. This allows
administrators to fully describe the Cluster's usage, contact information, warnings, or any other
pertinent information deemed necessary.
Optional Features
Certain features within the Redline product line are optional (see Table 1-1). They are enabled
through the use of a license key. If you wish to enable any of these optional features, contact
your Redline Sales Representative.
Table 1-1
Optional Features
Available on
Feature
T|X
E|X
OverDrive
Outlook Web Access
HTTP Authentication
(RADIUS, LDAP)
ActiveN
Y1
Browser Compression
3G Cache
1.Not available on the T|X 2000 Web I/O Processor
Web Interface for Web I/O Accelerator

In addition to the command line interface, Redline Networks supports a web interface to the
Web I/O Accelerator known as the Web User Interface (WebUI).
18
For more information on the WebUI, see T|X Web I/O Processor Installation and
Administration Guide or the E|X Enterprise Application Processor Installation and
Administration Guide.
19
20
Chapter 2. Administrative Rights
Chapter 2.
Administrative Rights
The Web I/O Accelerator Command Set allows different levels or classes of user access to
provide you with better management and user accountability. These levels of access increase as
needed to perform various management tasks. The objective of this feature is to differentiate:
Administrators vs. Operators
Network administration vs. Security administration
Administrative rights are for installations with IT organizations that have a clear responsibility
division between network and security functions. They are also valuable for installations that
need different levels of administrators and operators because each class of users can perform
certain tasks but not all tasks. Essentially, the ability to support an organization that has dumb
operators vs. smart administrators.
How certain commands operate depends on the access rights a user has. He or she will get
different results depending on their class of user access. The following are the commands in this
category:
%show cluster; If a network_oper or network_admin performs a show cluster
command, he or she will not see the SSL information.
%show config
%display config
%import config
%export config; A user only gets to import/export the commands that he or she is
allowed to execute based on his/her access rights.
Access Classes
Access classes are grouped into three categories as follows:
Users
For the User class, interaction with the appliance is completely passive; nothing can be changed
on the appliance. Users can display information but not make any configuration or operational
state changes. This is useful for users in the Network Operations Center (NOC) that need to
view information on all devices, but not make any changes.
Operators
Operators have access to the management features used for daily operations, but operators are
not allowed to change any configurations. Operators can view information, make changes to the
state of services, and enable or disable target servers. Operators are not able to severely impact
appliance operation.
Administrators
Administrators are the only ones that are allowed to make permanent changes to the appliance
configuration. Only administrators can access functions to configure and troubleshoot problems
on the appliance.
21
Passwords
Access to the appliance is controlled by a unique username and password combination. The
characteristics of the username and password are:
The username and password are case-sensitive.
The length of the username is:
4 characters minimum
16 characters maximum
The length of the password is:
6 characters minimum
128 characters maximum
The word all is a reserved word and cannot be used as a username.
The username redline is a reserved word and is the default Administrator for the appliance.
A user may be assigned one or more Roles, as described in the section Roles below.
A user can be assigned more then one role.
You can have more than one user assigned to a role, including the Administrator.
Roles
These are the different roles that can be assigned to a user:
Administrator: administrator
A user with the role Administrator can execute all commands. There is a default
Administrator with the reserved name redline that cannot be deleted. During the initial setup,
the appliance prompts for the password for the administrator redline. Once you have logged
in as the Administrator redline, you can assign the Administrator role to other users. Only
the Administrator can set up user accounts for different levels of access.
Network Administrator: network_administrator
A user with the role Network Administrator can execute all commands, except SSL-related
features.
Network Operator: network_operator
A user with the role Network Operator can execute all read commands and enable or disable
the following:
Target Servers
State of services:
Server
Telnet
Web UI
SSH
SNMP
22
Security Administrator: secure_administrator
A user with the role Security Administrator can execute all SSL-related features only.
Security Operator: secure_operator
A user with the role Security Operator can execute all read commands for SSL features only.
User: user
A user with the role User can view all status information and statistics, but cannot make any
configuration changes or service state changes to the appliance. This is extremely useful for
customers with a Network Operations Center (NOC) that has operators that should only view
information about the appliances.
Administrative Management
Management of the appliance is subject to these limitations. For this discussion, the term user
does not refer to the access class User as previously defined, but rather a person that
administers the appliance.
Administrator Rights
Only the Administrator can create a user and define the roles for that user.
The Administrator can disable a users access and delete the user completely.
The Administrator can also change the password of any user.
The Administrator can assign and clear roles.
Changing and Resetting Passwords
Pressing the password reset button at the back of the appliance clears the password for
the default administrator redline.
Each user can change his/her own password using the existing %set password command, while logged in.
An alert event is sent when a user fails to log on three consecutive attempts.
Passwords and user information are not exported as part of an export configuration
operation, but can be exported using the export user command. For detailed information on
the export commands, see export on page 69.
23
24
Chapter 3. Command Reference
Chapter 3.
Command Reference
add
Purpose
Use the add command to create a new ActiveN blade, group, cluster, forwarder, redirector, user,
server load balancer, or a route.
Roles
add
Role
activen blade
activen group
cache
cluster
ether
floatingvip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
add
Role
forwarder
redirector
route
slb group
sync group
user
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-1 can be entered after the add command.
Table 3-1
add Options
Options
blade1
Value
Description
Adds a new ActiveN blade. An index
is returned.
See the ActiveN chapter of the In-
<real IP>
stallation and Administration Guide

for more information.
activen
group1 [name]
<ip:port>
Adds a new ActiveN group with optional name and VIP and port.
See the ActiveN chapter of the In-
stallation and Administration Guide

25
Table 3-1
add Options
Options
Value
cache
cluster
ether
<name>
Adds a named cache. The name can

be up to 32 characters long and can
be any valid character string and
may be integer-only.
The valid characters are:
@;$^&*()=!?<>,[]/_.+-0123456789
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Reserved rlshell keywords such as
"all", "none", and "?" are considered
invalid.
<name>
Adds a new cluster. See Cluster,

Redirector, and Forwarder Naming
Conventions on page 17 for information on naming conventions.
<id>
1
Description
subnet
<ip>
<netmask>
Adds a subnet to an interface.
floatingvip
<ip>
Adds a floating VIP.
forwarder
<name>
Adds a new forwarder.
redirector
<name>
Adds a new redirector.

Adds a static route. Refer to add
route on page 28 for additional information.
route
slb
group
<name>
Adds a new Server Load Balancer

group with optional name and VIP
and port.
<ip:port>
<name>
sync
group
<name>
user
Creates a synchronization group.

member
<memberid>
<name>
Adds a member to the synchronization group. <memberid> is either

<hostname:port> or <ip:port>
Adds a new user. Refer to add user
on page 29 for additional information.
1.This command requires an ActiveN license before it can be used.
Notes
The add user command takes effect immediately. The remainder of the commands do not take
effect until after a write operation.
Examples
add cluster marketing
Add a new cluster with the name marketing. The response will be:
tx2% add cluster marketing
Created cluster marketing
(*) tx2% add cluster marketing
Error: duplicate name marketing
You can then set the attributes of the cluster.
26
add cluster
Add a new cluster without a specified name; a default name will be assigned. The response
will be:
tx2% add cluster
Created cluster <default name>
(*) tx2%
You can then set the attributes of the cluster.
add forwarder
Add a new forwarder without a specified name. The response will be:
tx2% add forwarder
Created forwarder <default name>
(*) tx2%
You can then set the attributes of the forwarder.
add redirector webhost
Add a new redirector with the name webhost. The response will be:
tx2% add redirector webhost
Created redirector webhost
(*) tx2%
You can then set the attributes of the redirector.
add slb group natgroup 100.100.100.100:20
Adds a new Server Load Balancer group with the name natgroup. The response will be:
tx2% add slb group natgroup 100.100.100.100:20
Group natgroup added
(*) tx2%
add cache secureImages-01_01
Adds a 3G Cache named secureImages-01_01
tx2% add cache secureImages-01_01
Cache secureImages-01_01 added
(*) tx2%
27
add route
Purpose
Use the add route command to add a static route.

Roles
Role
add route
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The format of the add route command is as follows:

add route <destination> <gateway> [netmask]
<destination> is the IP address of the destination network.
<gateway> is the IP address of the router you want to use.
<netmask> is an optional parameter. It is used to set the netmask for the router that you want
to use.
The default is set to 255.255.255.255, which represents a host route.
Notes
None
Examples
add route 66.12.13.5 192.168.0.10
Adds a static route to the host 66.12.13.5 through gateway 192.168.0.10.
add route 66.12.13.0 192.168.0.10 255.255.255.0
Adds a static route to the network 66.12.13.0/24 through gateway 192.168.0.10.
28
add user
Purpose
Use the add user command to add a new user for managing the T|X or E|X.
Roles
Role
Admin
add user
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-2 can be entered after the add user command.
Table 3-2
add user Options
Options
Description
<blank>
Adds a new user for managing the T|X or E|X. User name will be prompted.
<username>
Adds a new user for managing the T|X or E|X with the <username> specified. The user
name must between four and sixteen characters long.
Notes
The user is added immediately after executing this command without using a write operation.
After adding the new user, you will need to assign a role, set the password, and enable the user
to complete the process. A new user without a role assigned will have very limited rights and
can only access the following commands:
%cls
%exit
%help
%history
%quit
%set password
%show cluster
%show commands
%show forwarder
%show hostname
%show redirector
%show servers
%show support
%show ua
%show version
%who
%whoami
29
The role of the new user as displayed by the commands %show user and %whoami is
(none).
Examples
add user ralph
Add a new user with the user name ralph. An example of the output is:
tx6% add user ralph
User ralph has been added. Please perform the following
to complete the addition of this user:
- set a password
- enable the user
- assign a role (optional)
add user
Adds a new user. The CLI will prompt for the user name.
30
capture
Purpose
Use the capture command to capture data entered on the screen into a file on the appliance.
This command is used to capture login banners, SSL keys or certificates, or license information
from the terminal into the appliance. Note that the roles required to execute the various capture
commands depend on what is being captured.
Roles
capture
Role
Admin
file
license
loginbanner
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-3 can be entered after the capture command.
Table 3-3
Options
file
capture Options
Value
<filename>
Description
Captures an SSL key or certificate from the terminal into
the appliance.
license
Installs the license key for the appliance. The source can
be the console, telnet, or SSH.
loginbanner
Captures a custom login banner.
Notes
This operation is used for capturing login banners, SSL keys, SSL Certificates, and the license
key for the appliance into a file. To capture the file, you paste the contents of the file into the
console and then end the file with a period on a blank line.
The login banner allows for some print-style substitutions, as follows:
%h
%d
%s
%v
%b
%%
hostname
date
system (Redline Networks)
product version
product build id
show the percent character
When the banner display encounters one of these substitution strings, it extracts the information
from the appropriate place in the operating system and displays it. This information cannot be
changed by the user.
31
Note: You can put HTML in your login banner, and it will display correctly on the
WebUI. However, the appliance does not parse out HTML code when displaying the
banner on the Command Line Interface, so the HTML code will be displayed along
with the desired banner.
Examples
capture file my_key
Start by capturing an SSL Key from the terminal and name it my_key. You will need to
paste the content of the file and end the file with a period on a blank line. An example of the
output is:
2200% capture file my_key
Enter file. End with period on a blank line.
-----BEGIN CERTIFICATE----MIIDejCCAuOgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA
EjAQBgNVBAgTCURFTU8gT05MWTESMBAGA1UEBxMJREVNTyBPT
EwlERU1PIE9OTFkxEjAQBgNVBAsTCURFTU8gT05MWTESMBAGA1
TkxZMRgwFgYJKoZIhvcNAQkBFglERU1PIE9OTFkwHhcNMDIwMzA1
MDIwMzA2MjM1MzAxWjCBizELMAkGA1UEBhMCWFgxEjAQBgNVBA
WTESMBAGA1UEBxMJREVNTyBPTkxZMRIwEAYDVQQKEwlERU1P
BAsTCURFTU8gT05MWTESMBAGA1UEAxMJREVNTyBPTkxZMRgw
FglERU1PIE9OTFkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoG
HkubHFrpC1tub2CEANVBJsXfk/n8rIe/JlXCm2Gv1Q85Fk6pWh8P597r
gQE/1xBaSEwJv4GuVPtfcGyG8PJmAkoO0d/OkYsYHlZJG7aIMmJB1
mFIgT9EJ7nZAyE/Rb1p6dmJBNZYtOMaXAgMBAAGjgeswgegwHQY
MnFJOsgvF3B4HuaX9fBBDk9xMIG4BgNVHSMEgbAwga2AFCCeMn
9fBBDk9xoYGRpIGOMIGLMQswCQYDVQQGEwJYWDESMBAGA1U
MRIwEAYDVQQHEwlERU1PIE9OTFkxEjAQBgNVBAoTCURFTU8gT
CxMJREVNTyBPTkxZMRIwEAYDVQQDEwlERU1PIE9OTFkxGDAW
CURFTU8gT05MWYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb
L8dbydfkNbydH3wHcF5uUuLG5rajGzput7GrQEjKUmKEB+bI/VIRbPQ
W0FOiR7MsY64y5cbpMoGrfZ2qNgNKF+i6WLlmTfh4+1tKiCMnhTRP
hivbsYqWBdOFwrkqAUapuUDwctaAxV2pwJos47IO
-----END CERTIFICATE----.
2200% list file
democert
demokey
my_key
capture license
Installs the license key for the appliance by capturing the license key text. The key text either
can be typed in or pasted from the console, telnet, or SSH.
capture loginbanner
Unauthorized access to or use of this system is prohibited.
All access and use may be monitored and recorded.
.
Sets the login banner to: Unauthorized access to or use of this system is prohibited.
All access and use may be monitored and recorded.
32
tx% capture loginbanner

Enter banner. End with . on a blank line.
%%h hostname: %h
%%d date: %d
%%s system: %s
%%v version: %v
%%b build id: %b
.
Banner saved.
tx% show loginbanner
%h
%d
%s
%v
%b
hostname: tx5.redlinenetworks.com
date: Tue Jul 20 19:18:32 PDT 2004
system: Redline
version: 3.3.7
build id: 0
Sets the login banner to show critical parameters.
33
clear activen
Purpose
Use the clear activen commands to clear ActiveN server settings. This includes resetting the
member IP Address or statistics for a group, and removing a complete ActiveN Group. This
command can also be used to disassociate a blade from a group, or clear the statistics for a
blade.
Roles
Role
clear activen
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-4 can be entered after the clear activen command.
Table 3-4
Options
Value
blade
<ip | all>
failover
bindaddr
group
clear activen Options
<none | all>
Description
stats
Clears the statistics for a blade.

Clears the failover bind address for ActiveN.
blade
<ip | all>
stats
stats
Disassociates a blade from a group. Using all removes all

blades from the group.
Clears the statistics for an ActiveN group.
Clears overall statistics for the group and blade.
Notes
This command requires an ActiveN license before it can be used.

Examples
clear activen group <name> blade
Disassociates a blade from the named group.
clear activen group <name> stats
Clears the statistics for the named activen group.
34
clear admin
Purpose
Use the clear admin command to clear administrative settings such as TFTP, SCP, syslog,
E-mail, interface, TSDump, TCPDump, and logging.
Roles
Role
clear admin
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-5 can be entered after the clear admin command.
Table 3-5
clear admin Options
Options
email
Value
Description
defaultmailto
Clears the default email address for sending logs.
interface
log
scp
snmp
syslog
tcpdump
tftp
tsdump
Clears the administrator ethernet interface settings.

console
Clears the log level at which console logs are sent.
email
Clears the log level at which E-mail messages are

sent.
mailto1
Clears the first mailto address.
mailto2
Clears the second mailto address.
syslog
Clears the log level at which syslog logging occurs.
server
Clears server settings SCP transfers.
username
Clears the username used for SCP transfers.
trap host
1|2
Clears SNMP trap host 1 or trap host 2 settings.
facility
Sets the syslog facility settings back to the default value.
host1
Clears the first syslog host.
host2
Clears the second syslog host.
mailto1
Clears the first E-mail address for tcpdump.
mailto2
Clears the second E-mail address for tcpdump.
server
Clears the TFTP server.
mailto1
Clears the first E-mail address for tsdump.
mailto2
Clears the second E-mail address for tsdump.
35
Notes
Clearing the admin interface also clears the admin VIP.

Examples
clear admin tftp server
Clears the TFTP server name or IP address.
clear admin scp server
Clears the SCP server name or IP address.
clear admin syslog host1
Clears host1 in the syslog settings.
clear admin tcpdump mailto1
Clears mailto1 in the TCPDump setting.
clear admin syslog facility
Clears the syslog facility settings.
36
clear authentication cache

Purpose
Use the clear authentication command to clear the authentication cache.

Roles
clear authentication
cache
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-7 can be entered after the clear authentication command.
Table 3-6
clear authentication Options
Options
cache
Description
Clears the authentication cache.
Notes
The settings made by this command will only take effect after a write operation.
Examples
37
clear cache
Purpose
Use the clear cache <name> command to clear statistics or cache objects for the named cache.
Roles
Role
clear cache <name>
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-7 can be entered after the clear cache command.
Table 3-7
clear cache <name> Options
Options
Value
Description
<blank>
Clears all objects and statistics from the named cache.
stats
Clears the statistics for the named cache.
Notes
Examples
clear cache secureImages stats
Clears the statistics for the named cache.
clear cache secureImages
Clears all objects and statistics from the named cache.
38
clear cluster <name>

Purpose
Use the clear cluster <name> command to clear cluster options, or the certfiles, passwords,
and the keyfiles associated with the SSL traffic of a listener or target.
Roles
Role
aaa authentication
apprule
cache
description
health
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Role
Admin
listen
target host
target localip
target ssl
weblog
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-8 can be entered after the clear cluster <name> command.
Table 3-8
clear cluster <name> Options
Option
Value
ldap
base-dn
Clears the root distinguished name user for the cluster.
gid
Clears the Group ID used for the cluster.
server N ip
Clears the LDAP server IP address. N is either 1 or 2.
ssl
aaa
authentication
cacertfile
Clears the ca cert file for SSL.
uid
Clears the User ID used for the cluster authentication.
server N ip
Clears the IP address of the Radius server for the cluster. N is either 1 or 2.
server key
Clears the authentication key for the Radius server used

by the cluster.
radius
realm
Description
This command is used to reset the realm name that is

displayed in the login pop-up dialog box.
39
Table 3-8
clear cluster <name> Options
Option
aaa
authentication
apprule
Value
redirect
Description
host
Resets the redirect host to its default value.
protocol
Resets the redirect protocol to its default value.
url
Resets the redirect URL to its default value.
response text
Clears the response string added to HTTP 401 responses.
ruleset
Clears the AppRules filename setting.
cache
Clears the cached objects for the clusters cache.
description
Clears a description associated with a cluster. For more

information, see set cluster <name> description on
page 133.
health
listen
size
Clears the size of the return page.
string
Clears the string sent during a health check.
ssl
certfile
Clears the listen-side SSL certfile for the cluster.
clientauth 1
Clears SSL client authentication parameters.

Refer to clear cluster <name> listen ssl on page 42 for
additional information.
ephkeyfile
Clears the listen-side SSL ephemeral key for the cluster.
ephkeypass
Clears the listen-side SSL ephemeral key password

(pass phrase) for the cluster.
keyfile
Clears the listen-side SSL keyfile for the cluster.
keypass
Clears the listen-side SSL keypass (pass phrase) for the

cluster.
stats
Clears the statistics for a cluster.

host
localip
<ip:port>
Clears the specific target host.
all
Clears all the target hosts.
<ip>
Removes the local IP setting for the cluster.
target
certfile
Clears the target-side SSL certfile for the cluster.
keyfile
Clears the target-side SSL keyfile for the cluster.
keypass
Clears the target-side SSL L keypass (pass phrase) for

the cluster.
copy time
<1 | 2 | 3>
Clears one of the three times for the Web Log to be

transmitted to the configured syslog server.
scp
keyfile
Clears the (non-password protected) private key.
host
Clears the weblog host for a specific cluster or for all

clusters.
ssl
batch
weblog
syslog
1.This command is only available on the E|X Enterprise Application Processor product line.
Notes
None
40
Examples
clear cluster 1 listen ssl certfile
Clears the certfile for listen traffic on the cluster.
clear cluster 1 health string
Clears the string to check for content health checking.
clear cluster 1 apprule ruleset
Clears the apprule ruleset for Cluster 1.
41
clear cluster <name> listen ssl

Purpose
Use the clear cluster <name> listen ssl clientauth command to clear out a CA cert file, CA
CRL file, or a CA trusted certificate. This feature is only available on the E|X Enterprise
Application Processor product line.
Use the clear cluster <name> listen ssl ephkeyfile and clear cluster <name> listen ssl
ephkeypass commands to clear out an ephemeral key file name and ephemeral key password.
This feature is available on both the T|X Web I/O Processor and the E|X Enterprise Application
Processor.
Roles
listen ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-9 can be entered after the clear cluster <name> listen ssl
command.
Table 3-9
clear cluster <name> listen ssl clientauth Options

Options
certfile
clientauth
Description
1
Clears the value of the certificate file, making this field empty.
cacertfile 1
Clears the value of the CA certificate file, making this field empty.
cacrflfile 1
Clears the value of the CA CRL file, making this field empty.
catrustfile 1
Clears the value of the CA trusted file, making this field empty.
ephkeyfile
Clears the ephemeral key file name.
ephkeypass
Clears the ephemeral key password.
keyfile
Clears the listen-side SSL keyfile for the cluster.
keypass
Clears the listen-side SSL keypass (pass phrase) for the cluster.
1.This feature is only available on the E|X Enterprise Application Processor product line.
Notes
None
42
Example
clear cluster 1 listen ssl clientauth cacertfile
Clears the CA certificate file for listen traffic on cluster 1.
43
clear dns server

Purpose
Use the clear dns server command to clear a specific DNS server or all DNS server settings.
Roles
Role
clear dns server [n | all|]
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-10 can be entered after the clear dns server command.
Table 3-10
clear dns server Options
Options
Description
Clears a specific DNS server N, where N = 1, 2, or 3.
all
Clears all DNS servers.
Notes
None
Examples
clear dns server 1
Clears DNS server 1.
clear dns server all
Clears all DNS servers.
44
clear forwarder <name>

Purpose
Use the clear forwarder <name> command to remove the target hosts from the forwarder.
Use the clear forwarder <name> target host command to remove a target host from the
forwarder.
Roles
clear forwarder <name>
Role
description
name
listen
stats
target
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-11 can be entered after the clear forwarder <name> command.
Table 3-11
clear forwarder <name> Options
Options
Value
Description
Clears a description associated with a forwarder. For more information, see set forwarder <name> on page 165.
description
listen
ssl
certfile
Clears the listen-side SSL certfile for the forwarder.
clientauth
Clears the listen-side SSL client authentication parameters.
ephkeyfile
Clears the listen-side SSL ephemeral key for the forwarder.
ephkeypass
Clears the listen-side SSL ephemeral key password (pass phrase)

for the forwarder.
keyfile
Clears the listen-side SSL keyfile for the forwarder.
keypass
Clears the listen-side SSL keypass (pass phrase) for the forwarder.
stats
Clears the statistics for a forwarder.
target
Clears all parameters related to the specific target.

host
<ip: port>
Clears the specific target host.
all
Clears all the target hosts.
localip <ip>
target
ssl
Removes the local IP setting for the forwarder.

certfile
Clears the target-side SSL certfile for the forwarder.
keyfile
Clears the target-side SSL keyfile for the forwarder.
the target-side SSL L keypass (pass phrase) for the forwardkeypass Clears
er.
45
Notes
None
Examples
clear forwarder 1 target host 10.10.10.10:80
Clears all target settings for host 10.10.10.10.
clear forwarder 1 target host all
Clears all target all server settings.
46
clear health remotehost

Purpose
Use the clear health remotehost command to remove an IP address from Connectivity
Failover health check.
Roles
Role
clear health remotehost
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-12 can be entered after the clear health remotehost command.
Table 3-12
clear health remotehost Options
Option
Value
host
[ip]
Description
Removes an IP address from Connectivity Failover health check.
Notes
None
Examples
None
47
clear log
Purpose
Use the clear log command to clear entries from the Audit, System, and Apprule logs.
Roles
clear log
Role
audit
system
apprule
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-13 can be entered after the clear log command.
Table 3-13
clear log Options
Options
Description
apprule 1
Clears the Apprule log.
audit
Clears the Audit log.
system
Clears the System log.
1.This feature is only available on an E|X Enterprise Application Processor with an OverDrive license.
Notes
None
Examples
None
48
clear ntp server

Purpose
Use the clear ntp server command to clear a specific NTP server or all NTP servers.
Roles
Role
clear ntp server
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-14 can be entered after the clear ntp server command.
Table 3-14
clear ntp server Options
Options
Description
Clears a specific NTP server N, where N = 1, 2, or 3.
all
Clears all NTP servers.
Notes
None
Examples
clear ntp server 1
Clears the NTP server 1.
clear ntp server all
Clears all NTP servers.
49
clear redirector <name>

Purpose
Use the clear redirector <name> command to clear out redirector options, or the certfiles,
passwords, and keyfiles associated with the SSL traffic of a redirector. This feature is only
available on the E|X Enterprise Application Processor product line.
Roles
Role
clear redirector
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-15 can be entered after the clear redirector <name> command.
Table 3-15
clear redirector <name> Options
Options
Value
customURL
Clears the URL for redirecting.
description
Clears a description from a redirector. For more

information, see set redirector <name> on
page 176.
host
Clears the setting for the redirector host.
listen
certfile
Clears the redirector listen SSL certfiles.
clientauth
Clears the redirector listen SSL client

authentication parameters.
ephkeyfile
Clears the redirector listen SSL ephemeral keyfiles.
ephkeypass
Clears the redirector listen SSL ephemeral keypass (pass phrase).
keyfile
Clears the redirector listen SSL keyfiles.
keypass
Clears the redirector listen SSL keypass (pass

phrase).
ssl
stats
Notes
None
50
Description
Clears redirector statistics.
Examples
clear redirector 1 listen ssl certfile
Clears certfiles for listen traffic on the redirector.
clear redirector 1 customURL
Clears the custom URL string for the redirector.
51
clear server
Purpose
Use the clear server command to clear server statistics or a custom IP log header.
Roles
clear server
Role
customiplogheader
reversepath
stats
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-16 can be entered after the clear server command.
Table 3-16
clear server Options
Options
Value
Description
customiplogheader
Clears the HTTP header for reporting client IPs to the target server.
reversepath
Clears an entry created by reverse path routing. If you

have a packet from a gateway that isn't your default gateway, you'll never get a response unless you configure
your routing tables to send the packet back to through the
right gateway (route). Reverse path does this automatically.
entry
<ip | all>
stats
Clears the server's I/O, HTTP, and SSL statistics.
Notes
None
Examples
clear server stats
Clears all server statistics, including I/O, HTTP, and SSL statistics of the server.
clear server customiplogheader
Clears a servers custom IP log header.
52
clear slb
Purpose
Use the clear slb command to clear parameters related to the internal Server Load Balancer.
Roles
clear slb
Role
group
stats
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-17 can be entered after the clear slb command.
Table 3-17
clear slb Options

Options
Value
Description
Clears all parameters for the Failover
mechanism.
failover
stats
group
<name | all>
targethost
Clears the statistics for the SLB group.

<ip:port | all>
stats
<blank>
Removes the specified target host(s) from

the group.
stats
Clears the target host statistics.

Clears all statistics for the SLB.
Notes
The clear slb group <name> targethost command will only take effect after a write operation.
All others take effect immediately.
Examples
clear slb stats
Clears server-wide SLB statistics.
clear slb group1 target host all
Removes all target hosts from group1.
53
clear sync group <name>

Purpose
Use the clear sync group command to clear a synchronization group for configuration
synchronization.
Roles
Role
Admin
clear sync group

<name>
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Examples
None
54
clear user
Purpose
Use the clear user command to remove one or more roles from a user.
Roles
Role
clear user
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-18 can be entered after the clear user command.
Table 3-18
clear user Options
Options
<username>
all
Value
role
role
Description
<role1 role2...>
Removes one or more roles from a user;

<role> can be one of the following:
administrator
network_administrator
network_operator
security_administrator
security_operator
user
<role1 role2...>
Removes one or more roles from all users;

<role> can be one of the following:
administrator
network_administrator
network_operator
security_operator
user
This command has no effect on the default account (the account with the user name redline)
and the user with the administrators role who is
making the changes.
Notes
This command will not modify the default redline user or the user with the administrators
role who is making the changes.
55
Examples
clear user bmartino role administrator
Removes the administrator role from the user bmartino.
Clear user bmartino role administrator security_administrator
Removes the administrator and security_administrator roles from user bmartino.
56
clear vlan
Purpose
Use the clear vlan command to clear Virtual LAN parameters.

Roles
Role
clear vlan
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-19 can be entered after the clear vlan command.
Table 3-19
clear vlan Options
Options
Value
Description
all
Clear all tags.
default
Clear the default VLAN.
ip
<ip | all>
Clears the assignment of a VLAN tag to all the packets going from or to this IP address or all addresses
range
<startip-endip | all>
Clears the assignment of VLAN tags to packets going from

or to this range of IP addresses
tag
<tag>
Clear the VLAN with the named tag.
Notes
Examples
clear vlan id 192.168.10.100
Clears the assignment of a VLAN tag to all the packets going to or from the IP address
192.168.10.100.
clear vlan range 192.168.10.100-192.168.10.200
Clears the assignment of VLAN tags to all the packets going to or from the range of IP addresses 192.168.10.100 to 192.168.10.200.
57
cls
Purpose
Use the cls command to clear the screen.

Roles
Role
cls
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
cls
Clears the screen.
58
configure
Purpose
Use the configure command to rerun the configuration walk-through.

Roles
Role
configure
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
configure
Reruns the configuration walk-through.
59
copy
Purpose
Use the copy command to copy configurations, files, and captured TCPDump information.
Roles
copy
Role
config
file
tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
X
X
Options
The options shown in Table 3-20 can be entered after the copy command.
Table 3-20
Options
copy Options
Value
Description
Use copy config to:
Copy configurations from the appliance to a remote location or from a remote
location to the appliance via TFTP or SCP.
Display the CLI commands needed to re-create the configuration on the terminal screen.
Reset the configuration to factory defaults.
config
<src>
<dst>
The format of <src> and <dst> is:

Remote location:
tftp://tftp_server/filename or
scp://scp_server/filename
Local location:
memory: configuration currently stored in memory
active: configurations currently on flash
terminal: the CLI terminal screen
factory: the factory default configuration
local filename: to create a named configuration stored locally.
Either <src> or <dst> must be in memory.
60
Table 3-20
copy Options
Options
Value
Description
Use copy file to:
Display the contents of the file on the terminal screen
Capture a SSL key or certificate as a file onto the appliance
file
<src>
<dst>
The format of <src> and <dst> is:

Local filename
Remote filename:
Terminal: the CLI terminal
The following are invalid copy file operations:
Remote file to the terminal
Remote file to a remote file
Terminal to a remote file
Terminal to the terminal
tcpdump
Use copy tcpdump to send the TCPDump information via E-mail, SCP, or
TFTP as configured in the TCPDump destination using the command:
set admin tcpdump transport [scp|tftp|smtp]
Notes
Copying configurations from a remote location is equivalent to importing a configuration.

This can also be performed by entering the following command:
import config (Refer to import on page 77 for additional information.)
Copying configurations to a remote location is equivalent to exporting a configuration.
This can also be performed by entering the following command:
export config (Refer to export on page 69 for additional information.)
Displaying the CLI commands needed to re-create the configurations can be performed
by entering the following command:
display config (Refer to display on page 66 for additional information.)
To reset all configurations back to factory defaults, enter the following command:
reset config (Refer to reset config on page 89 for additional information.)
Warning: Executing this command will reset the network configuration. If you are
logged in using the Secure Socket Shell or WebUI, you will lose contact with the appliance.
To display the contents of a file, enter the following command:
display file (Refer to display on page 66 for additional information.)
To capture an SSL key or certificate onto a file on the appliance, enter the following command:
capture file (Refer to capture on page 31 for additional information.)
In order to use SCP, you must first configure the environment using the commands:
set admin scp username <user> and
set admin scp server <servername>
61
Examples
copy tcpdump
Copies a previously captured TCPDump to a remote location via configured destinations,
such as TFTP, SCP, or E-Mail.
copy config memory tftp://mytftpserver.domain.com/tx_config
Exports TX configuration to an external host named mytftpserver.domain.com using the
filename tx_config.
copy config scp://myscpserver.domain.com/tx_config memory
Imports a TX configuration from an external host named myscpserver.domain.com using the
filename tx_config into memory.
copy config tftp://mytftpserver.domain.com/tx_config memory
Imports a TX configuration from an external host named mytftpserver.domain.com using the
filename tx_config into memory.
copy config memory terminal
Dumps all commands needed to re-create the configurations onto the screen.
copy config factory memory
Resets the appliance to factory settings.
copy file terminal mycert
Captures information that you provide on the screen to a file called mycert; an example is
to import an SSL certificate or key into the appliance.
copy file democert terminal
Displays the content of the file democert on the screen.
62
delete
Purpose
Use the delete command to delete clusters, forwarders, redirectors, routes, configurations, files,
login banners, server load balancers, and users.
Roles
delete
Role
activen
cache
cluster
config
ether
file
floatingvip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
delete
forwarder
login
banner
redirector
route
slb
group
sync
group
user
Admin
Network Admin
Role
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-21 can be entered after the delete command.
Table 3-21
delete Options
Options
Value
Description
blade
<ip_addr | all >
Deletes an ActiveN blade specified by index.

Using all deletes all blades.
group
<name | all>
Deletes an ActiveN group. Using all deletes all groups.
activen1
cache
<name>
Deletes the named cache.
<cluster name>
Deletes a specific cluster.
all
Deletes all clusters.
config
<saved_config>
Deletes a previously saved configuration.
ether
<id>
cluster
subnet
<ip>
<netmask>
Deletes an existing subnet from an interface.
63
Table 3-21
delete Options
Options
file
Value
<filename>
Deletes the specified file.
floatingvip <ip | all>

forwarder
Description
Deletes a floating VIP.
<forwarder name>
Deletes a specific forwarder.
all
Deletes all forwarders.
loginbanner
Deletes a previously set login banner.

<redirector name>
Deletes a specific redirector.2
all
Deletes all redirectors.2
route
<id | all>
Deletes the specified route. Show route provides the route number (id).
slb group
<name | all>
Deletes a Server Load Balancer group specified by name. Using all will delete all SLB
groups.
<name>
Deletes a synchronization group.
redirector
sync group <name>
member
<memberid>
Removes a member from the synchronization group. <memberid> is either <hostname:port> or <ip:port>.
all
Deletes all members from the synchronization group.
<user_name>
Deletes a user (for managing the T|X or E|X)

from the system.
all
Deletes all users (for managing the T|X or

E|X) from the system, leaving only the default account with the user name redline,
and the user with the administrator role making the change. This change is immediate;
no write command is needed.
user
1.This command requires an ActiveN license before it can be used.

Notes
Examples
delete cluster all
Deletes all clusters from the appliance configuration.
delete cluster 2
Deletes cluster 2.
delete forwarder all
Deletes all forwarders from the appliance configuration.
64
delete file my_cert

Deletes the file called my_cert.
delete redirector 1
Deletes redirector 1.
delete route 1
Output of show route is:
se2200% show route
Default route: 192.168.0.1
[1] 66.12.13.5 192.168.0.10
[2] 66.12.14.0 192.168.0.11 255.255.255.0
The result of this command will delete the route to the host 66.12.13.5.
delete config my_config
Deletes a previously stored configuration that has the name my_config.
65
display
Purpose
Use the display command to display either the CLI commands required to create the current
configuration or contents of a file.
Roles
display
Role
config
file
loginbanner
users
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-22 can be entered after the display command.
Table 3-22
display Options
Options
Value
Displays the CLI commands to re-create the current working configuration.
config
file
Description
<filename>
Displays the contents of the specified file.
loginbanner
Displays the banner in its raw form. Substitution strings are shown
in their normal form (%h) instead of the substitution form (hostname).
users
Displays the commands needed to recreate the user accounts.
Notes
None
Examples
display config
Displays the current working configuration.
display file my_ssl_key
Displays the contents of the SSL key name my_ssl_key.
66
display users
Displays the commands needed to recreate the user accounts:
# Redline Config Version 3.1
add user admin1
add user network_admin1
add user secure_admin1
add user network_oper1
add user secure_oper1
add user user1
set user redline password .l/IprUWmZsLw
set user admin1 password $1$btxql$IW7LnNDoRveFGYc5Xk.j4.
set user admin1 role administrator
set user network_admin1 password $1$OvDCI$Rsyx648FMA.6aeYocjNkn0
set user network_admin1 role network_administrator
set user secure_admin1 password $1$C..S4$5UshV3.tQDDJ20PLLGvAl/
set user secure_admin1 role security_administrator
set user network_oper1 password $1$HqVyR$7nnLOouu7LV7y.C3IUAn9/
set user network_oper1 role network_operator
set user secure_oper1 password $1$LxjHg$VoYh7rio7q.Lfsl.vrwGe0
set user secure_oper1 role security_operator
set user user1 password $1$iYjOi$LiguOtuaOWbMrHSVNpq7e0
set user user1 role user
set user redline enabled
set user admin1 enabled
set user network_admin1 enabled
set user secure_admin1 enabled
set user network_oper1 enabled
set user secure_oper1 enabled
set user user1 enabled
Note: The passwords in these examples are shown encrypted.
67
exit
Purpose
Use the exit command to end a session.

Roles
Role
exit
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This command is the same as the quit command.

Example
exit
Exits a session.
68
export
Purpose
Use the export command to export configurations and user accounts from the appliance to a
remote server via TFTP or SCP.
Roles
export
Role
config
log
ruleset
snapshot
users
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-23 can be entered after the export command.
Table 3-23
export Options
Options
config
Value
Description
Exports a configuration from the appliance to a remote location via TFTP or
SCP.
<dst>
apprule 1
<dst>
Exports the apprule event log from the appliance to a remote location via
SCP (only).
audit
<dst>
Exports the audit event log from the appliance to a remote location via SCP
(only).
system
<dst>
Exports the system event log from the appliance to a remote location via
SCP (only).
ruleset 1
<src>
<dst>
Exports the OverDrive AppRule rule set from the appliance to a remote
location via TFTP or SCP.
snapshot
system
<dst>
Exports a System Snapshot from the appliance to a remote location via

SCP (only).
users
<dst>
log
Exports user accounts from the appliance to a remote location via TFTP or
SCP.
1.This feature is only available on an E|X Enterprise Application Processor with an OverDrive license.
Notes
The format of <dst> is:

Double quotes must be used if the filename has spaces:

tftp://tftp_server/tx config
69
The <scp_server> name is a host name or an IP address. The <filename> is an absolute

path of the file where you would like to export the configuration. The directory specified for the
filename must exist. The System Snapshot can only be exported to an SCP server.
The export config command exports the actual set commands from the CLI to recreate the
configuration, however, it only exports those commands that are allowed by the current role.
The export config operation does not export the following information:
Set commands take effect immediately. These commands include the state of the
various services:
Server
SSH Service
Telnet Service
SNMP Service
Web User Interface Service
Administrative passwords
All SSL private keys, key passwords, certificates and self-signed certificates
User accounts
Because the export config command does not cover these cases, the export audit, export log,
export ruleset, and export users commands were added.
Note: In order to use SCP, you must first configure the environment using the commands:
set admin scp username <user>
and
set admin scp server <servername>
Examples
export config tftp://192.168.40.228/tx_config
Exports the configuration from the appliance to the TFTP server with an IP address of
192.168.40.228 and names the configuration file tx_config.
export log scp://192.168.40.228/tx_log
Exports the event log from the appliance to the SCP server with an IP
address of 192.168.40.228, using the file named tx_log.
export log audit scp://192.168.40.228/audit
Exports the audit trail from the appliance to the SCP server with an IP
address of 192.168.40.228, using the file named audit.
export ruleset <name> tftp://192.168.40.228/ruleset
Exports the OverDrive Application Rules ruleset from the appliance to the TFTP server with
an IP address of 192.168.40.228, using the file named ruleset.
70
gen
Purpose
Use the gen command to generate an SSL private key, an SSL certificate signing request, or an
SSL self-signed certificate.
Roles
Role
Admin
gen
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-24 can be entered after the gen command.
Table 3-24
gen Options
Options
Value
Description
cac
Generates a Self-Signed CA Root Certificate.
csr
<key file>
Generates an SSL Certificate Signing Request. Input to the command

is a 1024-bit RSA private key file and the output is a CSR file.
<key_file> and <csr_file> are optional parameters and will be
prompted on the command line, if not provided.
key
<key file>
ssc
<key file>
<csr file>
Generates a 1024-bit RSA SSL private key.

<ssc file>
Generates an SSL Self-signed Certificate. Input to the command is a

1024-bit RSA private key file and the output is a CSR file.
Notes
You will be prompted for such information as country, state, department, etc. for the certificate.
Refer to the Setting up T|X (or E|X) for SSL Traffic chapter of the Installation and
Examples
gen key
Generates an SSL private key.
gen ssc my_key my_ssc
Generates an SSL self-signed certificate. The input is the SSL private key, my_key and the
output is an SSL Self-signed Certificate, my_ssc.
71
gen csr my_key my_csr

Generates an SSL certificate signing request. The input is the SSL private key, my_key and
the output is an SSL Certificate Signing Request, my_csr.
72
halt
Purpose
The halt command provides you with a graceful mechanism for powering down the appliance.
The file system is mounted with read/write capabilities, and shutting the appliance down using
the halt command reduces the possibility of file system corruption.
Roles
Role
halt
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
After you type in the halt command, a confirmation message will be displayed:
Warning: This device will now shutdown.
Are you sure you want to continue (y/n)? [n] y
Shutting Down. Please wait 30 seconds before unplugging the
power cord once the appliance is halted.
Examples
None
73
help
Purpose
Use the help command to display a help message.

Roles
Role
help
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
As shown in Table 3-25, you will receive a list of the top high-level commands.
Table 3-25
help Available Commands

Commands
add
exit
list
ssldump
capture
export
ping
tcpdump
clear
gen
quit
tsdump
cls
halt
reboot
upgrade
configure
help
reload
wall
copy
history
reset
who
delete
import
set
whoami
display
install
show
write
If you then type help in conjunction with a command that has a sub-command, you will receive
a list of all sub-commands.
74
Example
help set
Displays a list of all the set sub-commands:
activen
admin
boot
clock
cluster
dns
ether
forwarder
hostname
ntp
password
redirector
route
server
timezone
user
Consult your Administration Guide.

set various admin settings
change the boot partition
set the system date and time
set cluster settings
set forwarder settings
set the hostname
change the login password
set redirector settings
set the timezone
75
history
Purpose
Use the history command to display the command history.

Roles
Role
history
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
history
Displays the command history:
tx% history
[0] set admin snmp community ip 192.168.40.01
[1] set admin snmp community ip 192.168.40.0
[2] write
[3] set admin snmp trap host 1 version 2
[4] reload
[5] show admin snmp
[6] set cluster 1 target host 10.0.81.60:80 enabled
[7] write
[8] show admin snmp
[9] show version
[10] show version
[11] show cluster 1
[12] show cluster 1 stats
[13] show cluster 1
[14] show user admin1
[15] show user network_admin1
[16] show user secure_admin1
[17] show user network_oper1
[18] show user secure_oper1
[19] show user user1
[20] show version
[21] display users
76
import
Purpose
Use the import command to import configurations and user accounts to the appliance via TFTP
or SCP.
Roles
import
Role
config
license
ruleset
system
users
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-26 can be entered after the import command.
Table 3-26
import Options
Options
Value
Description
config
<src>
Imports a configuration to the appliance from a remote

license
<src>
Imports a license to the appliance from a remote location via

the TFTP or SCP.
ruleset 1
<src>
Imports an AppRule ruleset onto the Redline appliance from

a remote location via the TFTP or SCP.
<src>
Imports a System Snapshot onto the Redline appliance from

a remote location via SCP (only).
<src>
Imports user accounts to the appliance from a remote

snapshot
users
system
1.This feature is only available on an E|X Enterprise Application Processor with an OverDrive
license.
Notes
The import config and import license commands require a write operation in order to have
the changes take effect. In addition, export config operations do not export user accounts. Use
export users to export user accounts.
The import users command takes effect immediately, and does not require a write operation.
The import ruleset command takes effect immediately, and does not require a write operation.
The ruleset is checked for correct syntax and then saved on the device.
77
The format of <src> is:

Double quotes must be used if the filename has spaces. For example:
tftp://tftp_server/tx config
It is important to note that the SSL keys and certificates are not exported during an export
config operation. When importing a configuration, you must either make sure that the required
SSL keys and certificates are already installed on the appliance, or install them before use.
Examples
import config tftp://192.168.40.228/tx_config
write
Imports a configuration named tx_config from the TFTP server with an IP address of
192.168.40.228.
import config scp://192.168.40.228/tx_config
write
Imports a configuration named tx_config from the SCP server with an IP address of
192.168.40.228.
import ruleset scp://192.168.40.228/my_ruleset
write
Imports a configuration named my_ruleset from the SCP server with an IP address of
192.168.40.228.
78
install
Purpose
Use the install command to download and install new firmware to the non-active partition.
Roles
Role
Admin
install
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The install procedure preserves the current version of the firmware and downloads the
firmware to the non-active partition. The TFTP or SCP server and the filename to install from
must be set as:
set admin tftp server <tftp server> or
set admin scp server <scp server>
set admin upgrade filename <pac file filename>
If your active partition is currently partition 1, the install command will install the new
firmware into partition 2. This lets you test the new firmware and revert to the original firmware
stored in partition 1, if required.
The install operation will preserve the following information:
SSH keys
User names and passwords for the administrative users
Generated certificates
Network settings, including static routes
AppRule rulesets (on appliances that have an OverDrive license)
The install operation also allows the option to preserve the following configuration settings. On
first boot to a new partition, you can choose to import these configuration settings:
User names and passwords for all users

Network settings, including static routes and admin interface bindings
SSL keys and certificates
Current (active) server configuration
State of the services, including:
Server status
79
Telnet
SSH
SNMP
Web UI
After the import operation, you will be prompted to save the configurations using the write
operation. Admin services (e.g., server, WebUI, SSH, etc.) will also be prompted to start
accordingly, based on their state before the install operation was executed.
Example
install
Installs new firmware to the non-active partition. After running install, setting the boot partition, and then rebooting, there are four questions that are asked during the first login. Those
questions are:
Would you like to import your users? (y/n)? [y]
Would you like to import your previous configuration? (y/n)? [y]
Would you like to save your imported configuration? (y/n)? [y]
Would you like to restart your services? (y/n)? [y]
These are discussed in detail in the Installation and Administration Guide.
This is an example of the entire login sequence, answering yes to the four questions.
Would you like to import your users? (y/n)? [y] y
set user redline password $1$Hvm8g$9aBReiOCaf/mCT96mVF2h/
set user redline enabled
Would you like to import your previous configuration? (y/n)? [y]
copy config factory memory
set dns domain redlinenetworks.com
set dns server 1 192.168.0.2
set ether 0 ip 10.0.71.100
set ether 0 media autoselect
set ether 0 mtu 1500
set ether 0 netmask 255.255.255.0
set ether 1 ip 10.10.1.2
set ether 1 media 100baseTX full-duplex
set ether 1 mtu 1500
set ether 1 netmask 255.255.255.0
set hostname tx70.redlinenetworks.com
set route default 10.0.71.1
set timezone America/Los_Angeles
set ntp server 1 192.168.0.2
set admin syslog facility LOG_USER
set admin syslog port 514
set admin tftp server qa
set admin upgrade filename ex3200/install/RLS_4_0_0.pac
set admin upgrade transport tftp
set admin audit showcmd disabled
set admin netmask 255.255.255.255
set admin log memory ALERT
set admin snmp community ip 192.168.0.0
set admin snmp community name public
80
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
admin snmp community netmask 255.255.0.0

admin snmp contact Unknown
admin snmp location Unknown
admin tcpdump transport tftp
admin tsdump transport tftp
admin webui port 8090
admin webui sessionexpiretime 900
admin webui ssl disabled
admin snmp trap authfailure disabled
admin snmp trap enterprise disabled
admin snmp trap generic disabled
admin snmp trap threshold connection 100
activen disabled
activen max_blades 16
server factory a bp 21000
server factory a bps 16384
server factory a ccr disabled
server factory a cp 200
server factory a crb 8192
server factory a csb 17520
server factory a ct 2000
server factory a lp 25000
server factory a lps 2000
server factory a mt 0
server factory a pmd enabled
server factory a pst 64000
server factory a pst2 16000
server factory a puf 8
server factory a rid 0 0
server factory a rid 1 0
server factory a rlf disabled
server factory a scr disabled
server factory a srb 16384
server factory a ssb 5840
server factory a ssf 2
server factory a ssm 3
server factory c 10 enabled
server factory c aj enabled
server factory c aos disabled
server factory c asf disabled
server factory c b 0 3
server factory c b g 3
server factory c b it 3
server factory c b k 3
server factory c b n 3
server factory c b o 3
server factory c b s 3
server factory c b t 3
81
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
82
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
factory c cmt disabled

factory c f 0
factory c ft 0
factory c l 3
factory c mso disabled
factory c ons enabled
factory c p 0
factory c pae disabled
factory c tc enabled
factory c th enabled
factory c tp enabled
factory c tx disabled
factory c txc disabled
factory c u2 disabled
factory cscf disabled
factory h 5 tc
factory h ibh disabled
factory h pt 60
factory h tc3 enabled
factory h v enabled
factory h w enabled
factory h y 0
factory h z enabled
factory i f disabled
factory kac cc rv0 0
factory kac cc rv1 0
factory kac enabled
factory kat enabled
factory mfs 54
factory qss enabled
factory s ecd disabled
factory s mbb disabled
factory s mrp disabled
factory s msi disabled
factory s ncb disabled
factory s nrc disabled
factory s rct disabled
factory s tbp disabled
factory s td5 disabled
factory s trb disabled
factory sc 6
factory svc enabled
factory tsc bl 10
factory tsc cl 524288
factory tsc hs 262144
factory tsc iqm 50
factory tsc rl 3
factory tsc sc enabled
failover disabled
failover linkfail count 4
failover linkfail pollinterval 500
failover vmac disabled
failover vmac id 0
set server maxconns 50000

set slb disabled
set activen advanced burst_max 7000
set activen advanced policy roundrobin
set activen advanced reset client enabled
set activen advanced reset server enabled
set activen advanced synflood_protect disabled
set activen cleaning_interval 13
set activen failover disabled
set activen failover forcemaster disabled
set activen failover mcastaddr 224.0.0.127
set activen failover port peer 9200
set activen failover vmac disabled
set activen healthcheck interval down 20
set activen healthcheck interval syn 10
set activen healthcheck interval up 45
set activen healthcheck maxtries 3
set activen session timeout ackwait 10
set activen session timeout active 100
set activen session timeout closewait 25
set slb advanced reset client enabled
set slb advanced reset server enabled
set slb failover disabled
set slb failover forcemaster disabled
set slb failover mcastaddr 227.0.0.6
set slb failover nodeid auto
set slb failover port peer 9200
set slb failover vmac disabled
set slb failover vmac id 1
set slb healthcheck interval down 10
set slb healthcheck interval syn 5
set slb healthcheck interval up 20
set slb healthcheck maxtries 3
set slb session timeout ackwait 6
set slb session timeout active 90
set slb session timeout closewait 12
set slb sticky timeout 120
Would you like to save your imported configuration? (y/n)? [y]
Would you like to restart your services? (y/n)? [y]
set admin ssh up
The ssh daemon status was unchanged.
set admin telnet up
The telnet daemon was started.
set admin snmp up
The snmp daemon was started.
set admin webui down
The Web UI status was unchanged.
set ntp down
The ntp daemon status was unchanged.
set server up
The E|X server was started.
83
list
Purpose
Use the list command to display a list of user files on the appliance.
Roles
Role
list
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-27 can be entered after the list command.
Table 3-27
list Options
Options
Description
config
Displays the list of saved configurations on the appliance.
file
Displays the list of user files (certs and keys) stored on the appliance.
Notes
None
Examples
list file
An example of the output is:
2200% list file
democert
demokey
list config
2200% list config
Factory
my_config
abc
84
ping
Purpose
Use the ping command to ping another network node.

Roles
Role
ping
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The following option may be entered after the ping command:

<IP Address> | <DNS name>
Notes
This command is typically used in troubleshooting and during installation. Common tasks are
to ping the target host or the default gateway to verify that the configuration used at the time of
installation was correct.
Examples
ping 191.68.44.32
Pings another network node.
ping foobar.com
Pings via the DNS name. Make sure that DNS resolution is set up on the appliance.
85
quit
Purpose
Use the quit command to end a CLI session.

Roles
Role
quit
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This command is the same as the exit command.

Example
quit
Ends the session.
86
reboot
Purpose
Use the reboot command to reboot the appliance.

Roles
Role
reboot
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
tx% reboot
Warning: This device will now reboot.
Are you sure you want to continue (y/n)? [n]
Reboots the appliance.
87
reload
Purpose
Use the reload command to back out your configuration changes before a write operation.
Roles
Role
reload
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This is an alternative to write, which saves configuration changes; reload reverts back to the
previous configuration and discards all changes since the last write.
Example
reload
Reloads the current configuration, discarding all
changes made since the last write.
88
reset config
Purpose
Use the reset config command to reset the appliance to factory settings.
Roles
Role
Admin
reset config
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This command brings the appliance back to the default values set by the factory. Connectivity
will be lost if you are connected to the appliance remotely. You will need to set the appropriate
network settings prior to the write operation should you want to have remote access after the
reset config and write operations.
You do not have to perform a write operation after the reset config command to have the
changes take effect. Instead, a warning message will be displayed as follows:
tx% reset config
Executing this command will reset all configurations, including
network settings. If you continue, you will need to connect to the
console (serial) port to access the box again.
Are you sure you want to continue (y/n)? [y]
You must confirm the command to perform the reset config operation. Resetting the appliance
to factory default settings will not delete all user accounts. You should use the command delete
user all to delete all user accounts.
Example
tx% reset config
Executing this command will reset all configurations, including network settings. If you continue,
you will need to connect to the console (serial) port
to access the box again.
Are you sure you want to continue (y/n)? [y]
Resets all settings to factory defaults.
89
set activen
Purpose
Use the set activen command to enable or disable the ActiveN feature or to change ActiveN
parameters.
Roles
set activen
set activen
group <name> sticky
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-28 can be entered after the set activen command.
Table 3-28
set activen Options

Options
Value
Description
burst_max
<number>
All the sessions are purged in the timer routine. You

can set maximum number of timed out sessions that
will be purged in one timer interval. Setting
burst_max to 0 causes all the sessions that have
timed out to be purged in one timer cycle. (Default =
7000)
policy
<leastconn|
roundrobin>
Sets the switching policy to round robin or Least Connection. (Default = round robin)
reset client
When active sessions are purged, a reset can be

sent to the client and server to indicate that the con[disabled | enabled] nection has been terminated. This option is used to
enable or disable sending of resets to the client.
(Default = enabled)
reset server
[disabled | enabled] This option is used to enable or disable the sending

of resets to the server. (Default = enabled)
advanced
ActiveN operates in DSR mode, and cannot track if

the three-way TCP handshake completed successfully. It needs to remember the session information
for such sessions. In order to protect itself from an atsynflood_protect [disabled | enabled] tack, the ActiveN purges a connection if the Client
does not send final ack for the handshake.
The synflood_protect option is used to enable protection against syn flood. (Default = disabled)
cleaning_interval
90
<seconds>
The ActiveN switch uses a timer to purge expired

sessions. The cleaning_interval option is used to set
the interval between purges. (Default = 13 seconds.)
Table 3-28
set activen Options

Options
Value
Description
Enables or disables the ActiveN feature. When disabled is selected, the switch is stopped and all configuration information is deleted (only from the kernel,
not from the configuration file). (Default = disabled)
[disabled | enabled]
Used to enable or disable the failover mechanism.
bindaddr
<ip>
Used to set the bind address for the failover mechanism. (Default = Not configured)
forcemaster
Used to enable or disable the forcemaster.

Enabling forcemaster allows a switch to snatch the
activeness from another switch with a higher
nodeid. (Default = disabled)
mcastaddr
<ip>
Used to set the multicast address for the failover

mechanism. (Default = 224.0.0.127)
nodeid
< number | auto >
Used to set the nodeid of the ActiveN failover unit.

Setting nodeid to auto will result in a nodeid being
generated automatically. (Default = auto)
port peer
<port>
Used to set the port for Failover communication. (Default = 9200)
failover
vmac
Used to disable or enable the Virtual MAC.

[disabled | enabled] (Default = disabled)
id
<name>
<id>
Used to assign the Virtual MAC Address to the specified ID.
[disabled |
enabled]
Used to enable or disable the Client IP Sticky feature,

where the load balancer chosen the same server for
multiple TCP connections when the subsequent requests come from the same client.
The command "set activeN sticky timeout" is not per
group, but rather it is a global command that affects
all the groups.
timeout
This command is used to set the timeout value for

Client IP Sticky. The default value is 120 minutes, the
minimum is one minute and the maximum is 30 days.
sticky
group
<name|all>
Used to set a blade as a member of a group. Using

the keyword all in the group argument results in the
blade <ip_addr|all> blade being added to all the groups. Similarly using
all in the blade argument results in adding all the
blades into the group.
91
Table 3-28
set activen Options

Options
Value
Description
interval down
<seconds>
The healthcheck options set the time duration between two health checks. This interval is different for
different status of the blades.
The amount of time that a blade must be unresponsive before it is taken out of rotation.
(Default = 20 seconds)
interval syn
<seconds>
The time gap between sending two consecutive

health probes, if no response is received. (Default =
10 seconds)
interval up
<seconds>
The time in which the blade must respond to the

health check probe before it is considered unresponsive. (Default = 45 seconds)
maxtries
<number>
Used to set the maximum number of health check

tries before giving up. (Default = 3 tries)
src_ip
<ip>
Used to set the source ip for health check of the local

blades. (Default = unset)
healthcheck
Used to set the maximum allowable number of

blades in the system. Acceptable values for
max_blades are 1 to 8192. The max_blades option
can only be set when ActiveN is disabled. This command must be run before starting the Layer-4 (ActiveN) switch.
max_blades
ackwait
<seconds>
active
<seconds>
closewait
<seconds>
session timeout
If a session has not been active for a period of time,

it is purged by the timer. Three conditions are possible for a session:
active; A session that is currently active.
(Default = 100 seconds)
closewait; A session where the client has terminated it from his side. (Default = 25 seconds)
ackwait; Three way TCP handshake not completed. (Default = 10 seconds)
Notes
These options require an ActiveN license before they can be used.

Set activen enabled or set activen disabled takes place immediately. The
remainder of the settings made by this command will only take effect after a write operation.
Examples
tx% set activen group 1 blade 10.0.31.132
Blade 1 added in group 1
Adds the blade specified into the group specified.
tx% set activen cleaning_interval 60
Sets the cleaning interval for ActiveN to 60 seconds.
92
tx% set activen advanced policy roundrobin

Sets the ActiveN policy to round robin.
93
set admin audit

Purpose
Use the set admin audit command to enable or disable the logging of show commands in the
audit trail.
Roles
Role
set admin audit
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-29 can be entered after the set admin audit command.
Table 3-29
Option
showcmd
set admin audit Options

Value
Description
Enables or disables logging show commands entered on the CLI in the audit trail.
Notes
The settings made by this command will only take effect after a write operation. The show
commands will only be logged once a write operation has been performed.
Example
set admin audit showcmd enabled
Enables the logging of show commands entered on the CLI to the audit trail.
94
set admin cli

Purpose
Use the set admin cli command to change settings for the Command Line Interface (CLI).
Roles
set admin cli
Role
sessionexpiretime
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-45 can be entered after the set admin cli command.
Table 3-30
set admin cli Options
Options
sessionexpiretime
Value
<seconds>
Description
Sets the time out for the CLI session. If no activity occurs before this time, the user must re-authenticate. The default setting is 600 seconds.
Setting the sessionexpiretime to zero causes the
session to never expire.
Notes
None
Examples
None
95
set admin email

Purpose
Use the set admin email command to set parameters for administrative E-mail. This command
is used to configure the default E-Mail configuration, but not individually configurable E-mail
settings such as those set with the set admin log, set admin tcpdump, and set admin
tsdump commands.
Roles
Role
set admin email
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-31 can be entered after the set admin email command.
Table 3-31
set admin email Options
Options
Value
Description
defaultmailto
<default address>
Default address to be used when E-mail addresses are not set. Specific E-mail addresses for log, TCPDump and TSDump, if set, will
over ride the default E-mail address.
from
<from address>
The senders address.
server
<smtp server>
IP address or hostname for the SMTP server.
Notes
Examples
set admin email from admin@company.com
Sets the from E-mail address to admin@company.com
set admin email defaultmailto support@company.com
Sets the default E-mail address to support@company.com.
set admin email server 192.168.1.2
Sets the E-mail server to address 192.168.1.2.
96
set admin interface

Purpose
Use the set admin interface command to set parameters for the administrative interface.
Roles
Role
set admin interface
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-32 can be entered after the set admin interface command.
Table 3-32
set admin interface Options
Options
ether
Value
<N>
Description
Sets the ethernet interface to use for administration
traffic, where < N > where N is one of 0, 1, 2, ... N
Notes
The set admin interface command is typically used with the set admin vip and set admin
netmask commands. The settings made by this command will only take effect after a write
operation.
Example
set admin interface ether 1
Sets ether 1 to be the administration interface.
97
set admin log

Purpose
Use the set admin log command to set parameters for logging to various destinations, including
the memory of the appliance, E-mail, and the syslog.
Roles
Role
set admin log
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-33 can be entered after the set admin log command.
Table 3-33
set admin log Options
Options
console
Value
< ALERT | EMERG>
disabled
email
Description
Sets logging to the console to one of the log levels.
Sends a log message to the console when an event greater than
or equal to the selected level occurs.
Disables the logging function.
< ALERT | EMERG>
enabled
Sets logging via E-mail at one of the log levels.

Sends a log message to the configured E-mail address(es) when
an event greater than or equal to the selected level occurs.
Enables the logging function.
mailto1
<first email address>
First E-mail address where the log should be sent.
mailto2
<second email address>
Second E-mail address where the log should be sent.
memory
< ALERT | EMERG>
Sets logging to memory in the appliance to one of the log levels.

Default is set to ALERT.
Sends a log message to the appliance memory when an event
greater than or equal to the selected level occurs.
syslog
< ALERT | EMERG>
Sets logging to a syslog host to one of the log levels.

Sends a log message to the configured syslog host(s) when an
event greater than or equal to the selected level occurs.
Notes
If neither the mailto1 or the mailto2 addresses are set, the address set using the set admin
email command will be used. Refer to set admin email on page 96 for additional information.
98
The severity levels are in the following order:

EMERG: highest level
ALERT: lowest level
If you set your alert level to EMERG, you will get both EMERG and ALERT notices. If you set
your alert level to ALERT, you will get ALERT notices, but not get EMERG notices.
Examples
set admin log email ALERT
Only send events of ALERT or a higher level via E-mail.
set admin log syslog EMERG
Sends all events to the configured syslog host.
set admin log memory EMERG
Sends all events to the screen.
99
set admin netmask

Purpose
Use the set admin netmask command to set the netmask for the administrative IP address.
Roles
Role
set admin netmask
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The settings made by this command will only take effect after a write operation. The netmask
value is an optional parameter; the default value is 255.255.255.255.
Example
set admin netmask 255.255.255.255
Sets the netmask for the administrative address.
100
set admin scp

Purpose
Use set admin scp to configure the SCP server and username, and to import and export user
information.
Roles
Role
set admin scp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-34 can be entered after set admin scp.
Table 3-34
set admin scp options
Options
Value
Description
server
<hostname or IP address>
Configures the SCP server IP address or

hostname.
username
<scp username>
Configures the username to use for the SCP

operation.
Notes
The settings made by this command will only take effect after a write operation. The SCP
server or TFTP server can be used for the following operations:
Upgrading the firmware

Importing and exporting configurations
Exporting the audit trail
Exporting the event log
Sending the TCP dump data captured.
Sending the Technical Service Dump (TSDump) data to the Redline Networks Support
organization
Example
set admin scp server 19.8.7.4
Set the SCP server by its IP address.
101
set admin snmp

Purpose
Use the set admin snmp command to set options relating to the SNMP configuration of the
appliance.
Roles
Role
set admin snmp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-35 can be entered after the set admin snmp command.
Table 3-35
set admin snmp Options
Options
community
contact
Value
Description
ip
<ip>
Sets the network to allow SNMP connections.
name
<name>
Sets the SNMP read-only community name.
netmask
<netmask>
Sets the netmask to allow SNMP connections from the specified network.
<contact>
down
Sets the SNMP system contact (MIB II).

Turns off SNMP.
location
<location>
Sets the SNMP system location (MIB II).
trap
Sets the parameters for SNMP traps. Refer to set admin

snmp trap on page 104 for additional information.
up
Turns on SNMP.
Notes
Setting the SNMP service up or down will take effect immediately after the command is
executed. The remainder of the settings in this section will only take effect after a write
operation.
The SNMP agent only supports read, not write operations.
102
Examples
set admin snmp location snmp-rack1
Sets SNMP system locations.
set admin snmp community ip 19.9.9.2
Sets IP to allow SNMP connections from a specified IP address.
103
set admin snmp trap

Purpose
Use the set admin snmp trap command to set options relating to SNMP traps.
Roles
Role
set admin snmp trap
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-36 can be entered after the set admin snmp trap command.
Table 3-36
set admin snmp trap Options
Options
Value
Description
authfailure
Enables or disables sending authorization

failure traps. Default is set to disabled.
enterprise
Enables or disables sending enterprise

specific traps. Default is set to disabled.
generic
Enables or disables sending generic traps.

Default is set to disabled.
host
<1 | 2>
threshold
community
<community string>
Defines the community string for each trap

host.
ip
<ip>
Defines the IP address for each trap host.
version
<1 | 2>
Defines the SNMP version for each trap

host to be either Version 1 or Version 2.
<threshold in %>
Defines the threshold for connections

counted in percentages.
connection
Notes
The settings in this command will only take effect after a write operation.
Examples
set admin snmp trap host1 ip 192.169.40.20
Configures the IP address for trap host1.
set admin snmp trap host2 version 2
Configures SNMP Version 2 traps to be sent to trap host2.
104
set admin snmp trap generic enabled

Enables sending of generic SNMP traps.
set admin snmp trap enterprise disabled
Disables sending of enterprise specific traps.
105
set admin soap

Purpose
Use the set admin soap command to enable or configure the Simple Object Access Protocol
(SOAP) server. The SOAP Server is used with Configuration Synchronization.
Roles
Role
set admin soap
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-37 can be entered after the set admin soap command.
Table 3-37
set admin soap Options
Options
Value
down
port
ssl
Description
Disables the SOAP server.
Sets the port number for the SOAP server. The default
port is 8070.
<portnum>
certfile
<filename>
Sets the SSL certfile filename for the SOAP server.

The default file name is democert.
keyfile
<filename>
Sets the SSL key file for the SOAP server. The default
file name is demokey.
keypass
<password>
Sets the SSL key password for the SOAP server.
up
Enables the SOAP server. The default is enabled (up).
Notes
This command will take effect immediately after it is executed.

Examples
106
set admin soap up
Enables the SOAP server
set admin soap down
Disables the SOAP server
set admin ssh

Purpose
Use the set admin ssh command to turn SSH (Secure Shell) access on or off.
Roles
Role
set admin ssh
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-38 can be entered after the set admin ssh command.
Table 3-38
set admin ssh Options
Options
Description
down
Turns off SSH access.
up
Turns on SSH access.
Notes

Examples
set admin ssh up
Enables SSH access.
set admin ssh down
Disables SSH access.
107
set admin syslog

Purpose
Use the set admin syslog command to set up one or two syslog hosts for logging purposes.
Roles
Role
set admin syslog
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-39 can be entered after the set admin syslog command.
Table 3-39
Options
set admin syslog Options

Value
Description
facility
<LOG_LOCAL0 |
LOG_LOCAL1 |
LOG_LOCAL2 |
LOG_LOCAL3 |
LOG_LOCAL4 |
LOG_LOCAL5 |
LOG_LOCAL6 |
LOG_LOCAL7 |
LOG_USER>
Sets the syslog facility. The default is

LOG_USER.
host1
<IP Address or hostname>
First syslog host.
host2
<IP Address or hostname>
Second syslog host.
port
<TCP Port>
Sets the set admin syslog destination TCP

port for the syslog server. The default is
514.
Notes
The syslog facility is used when the set admin log syslog level is set. Refer to set admin log
on page 98 for additional information.
Examples
set admin syslog host1 192.168.0.1
Sets the first syslog host to be 192.168.0.1.
108
set admin syslog host2 192.168.0.2

Sets the second syslog host to be 192.168.0.2.
set admin syslog facility LOG_LOCAL0
Sets the syslog facility to be LOG_LOCAL0 that the appliance will log to the syslog host.
109
set admin tcpdump

Purpose
Use the set admin tcpdump command to set options relating to TCPDump.
Roles
Role
set admin tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-40 can be entered after the set admin tcpdump command.
Table 3-40
set admin tcp dump Options
Options
Value
Description
filename
<tcpdump filename>
Sets the remote filename for the TCPDump.
mailto1
First E-mail address where the TCPDump should be sent.
mailto2
Second E-mail address where the TCPDump should be sent.
scp
Sends TCPDump information via the pre-configured SCP host.

Any of SCP, SMTP, or TFTP can be set, but only one at a time.
smtp
Sends TCPDump information via the pre-configured E-mail

addresses. Any of SCP, SMTP, or TFTP can be set, but only
one at a time.
tftp
Sends TCPDump information via the pre-configured TFTP host.

Any of SCP, SMTP, or TFTP can be set, but only one at a time.
transport
Notes
Before running the tcpdump command, the following parameters must be set:
Filename for storing the TCPDump, if you are using TFTP or SCP.
An E-mail address, TFTP server, or SCP server.
Refer to tcpdump on page 317 for additional information.
If you are using SCP, you need to set the SCP username using the command set admin scp
username <name> before entering this command. Refer to set admin scp on page 101 for
110
Examples
set admin tcpdump transport scp
Uses the pre-configured SCP host to upload the TCPDump information.
set admin tcpdump transport smtp
Uses the pre-configured E-mail addresses to send the TCPDump information.
set admin tcpdump transport tftp
Uses the pre-configured TFTP host to upload the TCPDump information.
set admin tcpdump filename tx_tcpdump
Sets the filename to capture the TCPDump to be tx_tcpdump.
111
set admin telnet

Purpose
Use the set admin telnet command to turn telnet access on or off.
Roles
Role
set admin telnet
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-41 can be entered after the set admin telnet command.
Table 3-41
set admin telnet Options
Options
Description
down
Turns off telnet access.
up
Turns on telnet access.
Notes
This command will take effect immediately after it is executed. Issuing a write command saves
the change so that it is preserved between reboots.
Examples
set admin telnet up
Enables telnet access.
set admin telnet down
Disables telnet access.
112
set admin tftp

Purpose
Use the set admin tftp command to set TFTP server information.
Roles
Role
set admin tftp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-42 can be entered after the set admin tftp command.
Table 3-42
set admin tftp Options
Options
server
Value
Description
<hostname | IP Address>
Sets the TFTP server.
Notes
This command takes effect immediately. Issue a write command to make the change
permanent.
The TFTP server can be used for the following operations:
Upgrading the firmware

Importing and exporting configurations
Exporting the audit trail
Exporting the event log
Sending the TCP dump data captured.
Sending the Technical Service Dump (TSDump) data to the Redline Networks Support
organization
The TFTP transport cannot be used to export audit trail and event logs.
Example
set admin tftp server 19.8.7.4
Sets the TFTP server to an IP address.
113
set admin tsdump

Purpose
Use the set admin tsdump command to set options relating to technical service dumps.
Roles
Role
set admin tsdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-43 can be entered after the set admin tsdump command.
Table 3-43
set admin tsdump Options
Options
Value
Description
filename
<tspdump filename>
Sets the remote filename for the TSDump.
mailto1
First E-mail address where the TSDump should be sent.
mailto2
Second E-mail address where the TSDump should be sent.
scp
Sends TSDump information via the pre-configured SCP host.

Any of the options SCP, SMTP, or TFTP can be set, but only one
at a time.
smtp
Sends TSDump information via pre-configured E-Mail addresses. Any of the options SCP, SMTP, or TFTP can be set, but only
one at a time.
tftp
Sends TSDump information via the pre-configured TFTP host.

Any of the options SCP, SMTP, or TFTP can be set, but only one
at a time.
transport
Notes
Technical service dump information is used by Redline Networks authorized personnel for
troubleshooting the appliance. These parameters must be set before running the tsdump
command:
Filename for storing the TSDump, if you are using TFTP or SCP.
An E-mail address, TFTP server, or SCP server.
114
Examples
set admin tsdump transport scp
Use the pre-configured SCP host to upload TSDump information.
set admin tsdump transport smtp
Uses pre-configured E-mail addresses to send the TSDump information.
set admin tsdump transport tftp
Use the pre-configured TFTP host to upload TSDump information.
115
set admin upgrade

Purpose
Use the set admin upgrade command to configure the filename and transport for the appliance
pac file used to upgrade the firmware.
Roles
Role
set admin upgrade
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-44 can be entered after the set admin upgrade command.
Table 3-44
set admin upgrade Options
Options
filename
Value
Description
<filename for the firmware>
Sets the filename of the firmware that will

be used for the upgrade.
scp
Configures the transport method to use

SCP to upgrade or install new firmware.
tftp
Configures the transport method to use

TFTP to upgrade or install new firmware.
transport
Notes
The TFTP server or the SCP server must be configured before the upgrade. Use the command:
set admin tftp server <tftp server>
or
set admin scp server <scp_server>
to configure the TFTP or SCP server.

116
Examples
set admin upgrade filename tx.pac
Sets the filename of the appliance pac file to be tx.pac.
set admin upgrade transport scp
Use SCP to install new firmware.
set admin upgrade transport tftp
Use TFTP to install new firmware.
117
set admin vip

Purpose
Use the set admin vip command to set the administrative IP address.
Roles
Role
set admin vip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Example
set admin vip 10.0.11.10
Sets the administrative IP address.
118
set admin webui

Purpose
Use the set admin webui command to change settings for the Web User Interface (WebUI).
Roles
set admin webui
Role
up/down
port
sessionexpiretime
ssl
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-45 can be entered after the set admin webui command.
Table 3-45
set admin webui Options
Options
Value
down
Description
Turns the Web User Interface off.
port
<port number>
Sets the TCP port for accessing the WebUI.

The default port is 8090. 1
sessionexpiretime
<seconds>
Sets the time out for the WebUI session. If no activity occurs before this time, the user must reauthenticate.
cert
Sets the SSL Certificate for access to the Web

User Interface via SSL.
disabled
Disables Web User Interface access via SSL.
enabled
Enables Web User Interface access via SSL.
ssl
up
Turns the Web User Interface on.

1.It is possible to configure WebUI to listen on an IP (10.0.20.0, for example) and use port 8090. At the
same time, a cluster of target hosts may be configured to use the same IP and port (10.0.20.0:8090). When
a configuration change is made that requires a restart of the multiplexing engine, a WebUI administrator
page could be displayed. To prevent this from occurring, you should not use the administrator port as a
cluster port.
Notes
Setting the Web User Interface service up (on) or down (off) will take effect immediately after
the command is executed. Issuing a write command saves the change so it is preserved between
reboots. The remainder of the settings in this section will only take effect after a write
operation.
119
Examples
set admin webui port 8090
Sets the in-band administrative port to 8090.
set admin webui up
Turns the web administration manager on.
set admin webui ssl enabled
Enables access to the Web UI via SSL.
120
set boot
Purpose
Use the set boot command to set the boot partition for the next reboot.
Roles
Role
set boot
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-46 can be entered after the set boot command.
Table 3-46
Options
set boot Options

Description
Sets partition 1 to be the active partition for the next reboot.
Sets partition 2 to be the active partition for the next reboot.
Notes
None
Example
set boot 1
Sets partition 1 to be the boot partition for the next reboot.
121
set cache <name>

Purpose
Use the set cache <name> command to set the parameters for the named 3G cache.
Roles
Role
set cache <name>
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-47 can be entered after the set cache <name> command.
Table 3-47
set cache <name> Options
Options
max_objects
size
Parameter
Description
<integer>
Sets the total number of objects that can be stored in the

named cache. The minimum number is 1024 and the maximum is 32768. The default value is 8192.
The value for max_objects can be abbreviated with a K suffix to indicate how many thousands. (1K = 1000 objects)
<integer>
The minimum number is 1,048,576 (1 Mbyte) and the maximum is 104,857,600 (100 Mbytes). The default value is
10,485,760 (10 Mbytes). The actual size of the cache can be
somewhat larger than this.
The value for max_objects can be abbreviated with an M
suffix to indicate a megabyte. (1,048,576 bytes = 1M)
Notes
Examples
set cache secureImages max_objects 28000
Sets the total number of objects that can be stored in the
cache named secureImages to be 28000.
set cache secureImages size 104857600
Sets the maximum size (in bytes) of the cache named secureImages to be the maximum (104,857,600 bytes).
122
set clock
Purpose
Use the set clock command to set the date and time of the server.
Roles
Role
set clock
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-48 can be entered after the set clock command.
Table 3-48
set clock Option

Option
<YYYY.MM.DD HH:MM:SS>
Description
YYYY: Year
MM: Month
DD: Day
HH: Hour
MM: Minute
SS: Second
Notes
If date and time are controlled by the NTP, you must:
set ntp down
prior to using this command.

Example
set clock 2003.08.13. 14:00:00
Sets the date and time in the <YYYY.MM.DD HH:MM:SS> format.
123
set cluster <name> aaa audit

Purpose
Use the set cluster <name> aaa audit command to enable or disable HTTP(S) authentication
auditing.
Roles
Role
set cluster <name> aaa audit
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-49 can be entered after the set cluster <name> aaa audit
command.
Table 3-49
set cluster <name> aaa audit Options
Options
Description
[disabled | enabled] 1
This command enables or disables HTTP(S) authentication auditing.
level
This command sets the level at which authentication messages are

written into the audit log. If all is selected, all authentication messages are shown. If failure is selected, only authentication failures are
shown.
[all | failures]
1.A license is required for the audit option.
Notes
124
set cluster <name> aaa authentication

Purpose
Use the set cluster <name> aaa authentication commands to set the HTTP(S) authentication
and authorization parameters for a cluster. For more information on HTTP(S) authentication,
see the Installation and Administration Guide.
Roles
set cluster <name>
aaa authentication
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-50 can be entered after the set cluster <name> aaa
authentication command.
Table 3-50
set cluster <name> aaa authentication Options

Options
Value
Description
[enabled|disabled]
This command enables or disables authentication

caching.
maxage
This command sets the maximum age to store an

authentication cache entry. This parameter is in set
in seconds, and the default value is 60 seconds.
cache
[maxage]
This command enables or disables authentication.
anonymous
[enabled|disabled]
This command is used to set whether anonymous

access to the LDAP database is allowed. Before
making anonymous disabled, you must define at
least one bind user.
base-dn
<string>
This command is used to set the root distinguished

name.
password
<string>
This command is used to set the bind user password. N can be either 1 or 2.
user-dn
<string>
This command is used to set the bind user distinguished name. N can be either 1 or 2.
<string>
This command is used to set the name of the attribute that holds the group information in LDAP
server database. The default is "ou".
ldap
bind
gid
125
Table 3-50

Options
Value
ip
<ip>
This command is used to set the IP address of the

LDAP server that will be used for the cluster. N can
be either 1 or 2.
port
<port number>
This command is used to set the port number of the

LDAP server that will be used for the cluster. N can
be either 1 or 2.
server N
This command enables or disables authentication

over SSL. The default is disabled.
cacertfile
<string>
This command is used to set the certificate authority

(CA) certfile for SSL.
uid
<string>
This command is used to set the name of the attribute that holds the user information in the LDAP
server database. The default value is "uid". the user
name entered in the browser's authentication dialog
is assigned to the uid attribute. This can be any attribute, for example, givenname, surname, cn, etc. It
is best to use uid as it is normally a unique attribute
for each person. The authentication will fail if multiple matches are found.
version
<2 | 3>
This command is used to set the LDAP protocol version. The default is LDAPv3.
www
This command is used to set the method of authentication that will be used for the cluster.
ssl
ldap
method
This command is used to set or change the password that will be used that will be used for AAA Authentication. You will be prompted to enter the
password.
password
[ldap|radius]
This command is used to set the authentication protocol that will be used for the cluster.
ip
<ip>
This command is used to set the IP address of the

RADIUS server that will be used for the cluster. N
can be either 1 or 2.
port
<port number>
This command is used to set the port number of the

RADIUS server that will be used for the cluster. N
can be either 1 or 2.
key
<shared-key>
This command is used to set the authentication key

for the RADIUS server that will be used for the cluster.
retries
<integer>
This command is used to set the number of retries

for the RADIUS server that will be used for the cluster.
timeout
<integer>
This command is used to set the timeout value for

the RADIUS server that will be used for the cluster.
<string>
This command is used to set the realm name that is

displayed in the login pop-up dialog box.
protocol
server N
radius
server
realm
126
Description
Table 3-50

Options
Value
Description
This command is used to Enable or Disable Redirect on a password change flag set. You need to
specify a custom page to redirect users to when a
password change flag is received.
host
<ip:port>
This command is used to set the remote host from

where this URL will be retrieved. By default, the file
is local, and the host is the IP address of the cluster.
protocol
[http* | https]
This command is used to set the protocol to use

when retrieving the password change custom page.
The default is http.
url
This command is used to redirect to a URL when the

[auth.shtml* | <user provided url> ] ldap server or active directory sends a password
change flag.
redirect
response text
<string>
This command is used to set the authentication

HTML message that will be used for the cluster.
Notes
The protocol must be set (radius or ldap), before the radius and ldap options can be set.
Examples
tx% set cluster 1 aaa authentication protocol LDAP
Sets the authentication protocol for cluster 1 to LDAP.
tx% set cluster 1 aaa authentication ldap version 3
Sets the LDAP version to use for cluster 1 authentication to LDAP Version 3.
tx% show cluster 1 aaa authentication protocol
HTTP Authentication Protocol: LDAP
tx% set cluster 1 aaa authentication radius server retries 8
Authentication protocol is not RADIUS
tx%
This example shows that the LDAP authentication protocol was set, and that any changes
made that are not specifically for the LDAP protocol (Radius in this example) will generate
an error.
127
set cluster <name> apprule

Purpose
Use the set cluster <name> apprule commands to bind an OverDrive AppRule ruleset to a
specific cluster, and enable or disable ruleset operations on that cluster. This feature is only
available on an E|X Enterprise Application Processor with an OverDrive license.
Roles
set cluster <name> apprule
Role
Admin
limit
ruleset
enable/disable
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-51 can be entered after the set cluster <name> apprule
command.
Table 3-51
set cluster <name> apprule Options
Options
Value
Description
[disabled | enabled] 1
Enables or disables AppRule operations for a specific cluster
limit 2
retrypost
Sets a value that acts as a high-water mark for the

number of bytes that will be stored for a POST request to be retried. If the POST data exceeds this
value, then the data is released and the retry mechanism is disabled for this request. The original request will proceed.
ruleset
<filename>
<int>
Sets the filename for the AppRule ruleset for a specific cluster.
1.This feature is only available on an E|X Enterprise Application Processor with an OverDrive
license.
2.If a value of zero is specified, then there is no limit imposed on the POST data amount. This is
very dangerous since it allows a single user to issue a single request and use all of the resources on the box. The default value is 32768 kBytes. Most POST requests are typically less than
2 kBytes, so there should not be any problems with the default range limits. An upper limit of 100
MBytes is provided for installations that demand maximum flexibility.
Notes
For the retry_request action to work correctly with Page Translation Content, the factory setting
fcl must be explicitly enabled (it is disabled by default). Contact your Redline Administrator
or Redline Support for assistance.
128
Examples
set cluster 1 apprule ruleset my_ruleset
Sets the AppRule binding for cluster 1 to the values declared in the file my_ruleset.
set cluster 1 apprule enabled
Enables AppRule operations for cluster 1.
129
set cluster <name> cache

Purpose
Use the set cluster <name> cache command to associate or disassociate a cluster with a
specific cache.
Roles
set cluster <name>
cache
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-52 can be entered after the set cluster <name> cache command.
Table 3-52
set cluster <name> cache Options
Options
Values
cache
<name>
cache
<name>
Description
Associates a cluster with a named cache.
[disabled | enabled
Enables or disables caching for a cluster. The

cache is disabled by default.
Notes
Example
set cluster fred cache secureImages
Associates the cluster fred with the cache named secureImages.
130
set cluster <name> connbind

Purpose
Use the set cluster <name> connbind command to enable or disable connection binding. This
feature is only available on the E|X Enterprise Application Processor product line.
Roles
set cluster <name>
connbind
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-53 can be entered after the set cluster <name> connbind
command.
Table 3-53
set cluster <name> connbind Options
Options
Description
disabled
Disables connection binding.
enabled
Enables connection binding.
Notes
Examples
set cluster 1 connbind enabled
Enables connection binding.
set cluster 1 connbind disabled
Disables connection binding.
131
set cluster <name> convert302protocol

Purpose
Use the set cluster <name> convert302protocol command to enable or disable the conversion
of HTTP 302 responses from HTTP to HTTPS or from HTTPS to HTTP.
Roles
set cluster <name>
convert302protocol
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-54 can be entered after the set cluster <name>
convert302protocol command.
Table 3-54
set cluster <name> convert302protocol Options
Options
Description
disabled
Disables the convert302protocol.
enabled
Enables the convert302protocol.
Notes
Enabling this option will convert the HTTP 302 responses from the target server from HTTP to
HTTPS or from HTTPS to HTTP. For example, if the HTTP 302 responses from the target
server are in the HTTP protocol, enabling this option will cause the appliance to convert the
HTTP 302 responses sent back to the client into HTTPS protocol.
This is useful when SSL acceleration is enabled on the listen side and the target side remains
set to clear traffic. When the target server sends an HTTP 302 response, the appliance will
automatically convert the HTTP 302 response back to the client using HTTPS protocols.
Example
set cluster 1 convert302protocol enabled
Enables the convert302 protocol.
132
set cluster <name> description

Use the set cluster <name> description command to add a descriptive note to a cluster. This
description is limited to 512 characters of free-form text, but cannot include newlines. This
allows administrators to fully describe the cluster's usage, contact information, warnings, or any
other pertinent information they deem necessary.
Roles
set cluster <name>
description
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-55 can be entered after the set cluster <name> description
command.
Table 3-55
Options
description
set cluster <name> description Options

Values
<description>
Description
Add a description to a named cluster.
Notes
Examples
set cluster marketing description This cluster fronts the marketing section of
the intranet. Authentication is required to access this content. If you have questions, please contact Joe Schmoe at jschmoe@mycompany.com or by phone at extension 4567."
Adds the description This cluster fronts the marketing section of the intranet. Authentication
is required to access this content. If you have questions, please contact Joe Schmoe at
jschmoe@mycompany.com or by phone at extension 4567." to the cluster named marketing.
133
set cluster <name> dsr

Purpose
Use the set cluster <name> dsr command to enable or disable Direct Server Return (DSR).
This reduces traffic by allowing web servers to send HTTP responses directly back to the
requesting client, thus bypassing the load balancer in the response path.
Roles
set cluster <name>
dsr
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-56 can be entered after the set cluster <name> dsr command.
Table 3-56
set cluster <name> dsr Options
Options
Description
disabled
Disables cluster <name> DSR.
enabled
Enables cluster <name> DSR.
Notes
Refer to Chapter 6 in the Installation and Administration Guide for additional information.
Examples
set cluster 1 dsr enabled
Enables DSR on cluster 1.
set cluster 2 dsr disabled
Disables DSR on cluster 2.
134
set cluster <name> health

Purpose
Use the set cluster <name> health command to set the content health check parameters for
target servers.
Roles
Role
set cluster <name>

health
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-57 can be entered after the set cluster <name> health command.
Table 3-57
set cluster <name> health Options
Options
Value
Description
disabled
Disables content health checks.
enabled
Enables content health checks.
interval
<interval>
Interval for health check requests in seconds. The default is 150

seconds. The range is from one to 3600 seconds.
resume
<resume number>
Number of health checks with good responses before declaring

the target server as operational. The default is one; the range
is from one to 20.
retry
<retry number>
Number of health check retries with no response before declaring the target server as down.The default is four; the range is
from one to 20.
returncode
<return code>
Expected return code. The default is 200.
size (optional)
<size of response>
Expected size of the response. This is the number of bytes in the

body of the response as would be reflected in an HTTP ContentLength header. The default is 1 (disabled or ignored).
<string>
Searches for the string in the non-header portion of the HTTP response. This option only applies to the following MIME types:
text/html
text/css
text/plain
text/xml
The string is case-sensitive, and the maximum length of the
string is 64 bytes. When typing the command from the Command
Line Interface, the string must be enclosed in double quotes if
there is white space in the string. The string must not be enclosed in double quotes when being entered from the WebUI.
string (optional)
135
Table 3-57
set cluster <name> health Options
Options
Value
Description
timeout
<1-60>
The timeout value is the maximum time (in seconds) that the appliance will wait for the last byte of the HTTP response, measured from the time that the GET request was sent. The default
is 15 seconds.
Id this timeout is exceeded, the target will be marked as down
with a new status code:
RT = Layer 7 Down; Response Timed Out
urlpath
<url path>
The URL path that the appliance will send to target servers for
health checks. The URL path must begin with a /.
useragent
<default | n>
Sets the user agent for health check requests.
Notes
The appliance verifies the health of the target server by sending an HTTP Get Request to all the
target servers in the cluster at a pre-configured interval. The Redline appliance assume all target
hosts are down when Layer 7 health checking is turned on, and only logs state transitions. This
means that with two servers to be checked when we turn on Layer 7 Health Checking (one down
and one up), the server that is up will be logged in the system log as "Server A passed L7 Health
Check" but the server that is down will never be mentioned in the logs until such time as it
comes up.
For example:
Server 0.0.31.20 is normal: It responds to both a ping and an HTTP request (machine is
up, webserver is up).
Server 10.0.31.10 is in a semi-bad state: It responds to a ping, but not an HTTP request
(machine is up, webserver is down)
In this state, when Layer 7 health checking is first enabled, you will never see 10.0.31.10
marked as bad by Layer 7 health check. This is because it was never seen as up by the
appliance, and therefore there was never a transition to record.
Examples
set cluster 1 health urlpath /index.html
Sets the URL for health check to be index.html.
set cluster 1 health returncode 200
Sets the expected return code to 200.
set cluster 1 health enabled
Enables health checks for cluster 1.
136
set cluster <name> listen

Purpose
Use the set cluster <name> listen command to set properties for cluster listen traffic (between
the appliance and the client browser). This establishes a virtual IP address, netmask, port, or
SSL configuration for a servers cluster listen traffic.
Roles
set cluster <name> listen
Role
port
ssl
targetsdown
vip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-58 can be entered after the set cluster <name> listen command.
Table 3-58
set cluster <name> listen Options
Options
port
Value
<port number>
Description
Sets the cluster listen port. The default is set to 80.
SSL configuration; refer to set cluster <name> listen ssl on
page 139 for additional information.
ssl
Sets the behavior when all targets are down.
targetsdown
[blackhole | finclient | redirect]
vip
<ip>
blackhole refers to the current behavior of dropping all

packets sent to the cluster that has all of its target hosts
down.
finclient refers to the historical behavior of allowing the
client to connect and then subsequently closing down the
connection with a FIN.
redirect <url> refers to the new behavior of redirecting
clients with an HTTP 302 reply to the new location specified
in <url>. The URL is specified as follows:
http[s]://<server>[:port][/path/resource]
Sets the cluster listen virtual IP address.
Notes
137
Examples
set cluster 1 listen vip 10.0.22.51
Sets cluster 1s listen virtual IP address to 10.0.22.51.
set cluster 1 listen port 80
Sets cluster 1s listen port to 80.
138
set cluster <name> listen ssl

Purpose
Use set cluster <name> listen ssl to establish properties of a clusters SSL listen traffic.
Roles
set cluster <name>
listen ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-59 can be entered after the set cluster <name> listen ssl
command.
Table 3-59
set cluster <name> listen ssl Options
Options
Value
Description
certfile
<filename>
Specifies the SSL certfile for cluster listen connections.
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites that
conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for cluster listen traffic.
common
Allows only the most commonly used cipher suites from both the strong and
export groups.
export
Allows only the lower security suites that have been traditionally available for
export.
file
Allows a user-defined list of SSL cipher suites to be used to configure an SSL

cluster.
strong
Allows only the highest security cipher suites that have only been traditionally
available in the United States.
ciphersuite
clientauth
Sets SSL Client Certificate Authentication (refer to set cluster <name> listen
ssl clientauth on page 141 for additional information).1
disabled
Disables SSL for cluster listen traffic.
enabled
Enables SSL for cluster listen traffic.
ephkeyfile
<ephkeyfile>
ephkeypass
keyfile
keypass
Specifies the SSL ephemeral keyfile.

Specifies the ephemeral key pass phrase.
<filename>
Specifies the SSL keyfile for cluster listen traffic.

Specifies the SSL key pass phrase for cluster listen traffic.
139
Table 3-59
set cluster <name> listen ssl Options
Options
protocol
Value
Description
sslv2
Specifies the SSL protocol type for cluster listen traffic:

sslv2: SSL Version 2 only
sslv23
sslv23: SSL Version 2; SSL Version 3: TLS Version 1
sslv3
tlsv1
tlsvl: TLS Version 1 only
Notes
The ephemeral key is a debugging aid for export ciphers. The ephemeral keyfile must be a 512bit RSA key in OpenSSL PEM (base-64) format and, if encoded, must match the password. The
512-bit RSA key must reside in the file /usr/rl/etc/cluster/ephpass.pem.
The SSL key pass phrase (keypass) is not copied as part of the configuration file on the new
partition during an upgrade. You can import the keypass by typing command:
%set cluster <n> listen ssl keypass <key password>
The supported cipher suites are shown in Appendix C. "Cipher Suites".

Examples
set cluster 1 listen ssl certfile certfile.dat
Sets the cluster 1 listen SSL certfile to certfile.dat.
set cluster 1 listen ssl keypass
Sets the cluster 1 listen SSL pass phrase (prompted).
set cluster 1 listen ssl ciphersuite export
Sets the cluster 1 listen SSL ciphersuite to export.
140
set cluster <name> listen ssl clientauth

Purpose
Use the set cluster <name> listen ssl clientauth command to establish properties of cluster
SSL listen traffic with Client Certificate Authentication. This feature is only available on the
E|X Enterprise Application Processor product line.
Roles
set cluster <name> listen ssl
clientauth
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-60 can be entered after the set cluster <name> listen ssl
clientauth command.
Table 3-60
Options
authtype
cacertfile
cacrlfile
set cluster <name> listen ssl clientauth Options

Value
Description
[local | none]
Enables or disables client authentication for cluster <name>.

The default is local and provides local authorization. If none is
specified, the local and remote authentication are disabled.
This option (none) may be used in situations where a client
certificate needs to be forwarded to the target host.
<filename>
Sets the advertised Certificate Authority (CA) file as

<filename> for the cluster. The <filename> must contain a
list of one or more valid CA certificates that are self-signed or
signed by:
a well-known trusted CA
a CA listed in the trusted CA certificate file
All certificate entries in this file must be in base64-encoded
format.
<filename>
Sets the CA Certificate Revocation List (CRL) as

<filename> for the cluster. The <filename> must be a list
of one or more valid CRLs containing certificates signed by
one of the CAs listed in the trusted CA certificate file. All CRL
entries not corresponding to an entry in the trusted CA
certificate file are ignored.
All CRLs listed in the file must be in base64-encoded format.
141
Table 3-60
set cluster <name> listen ssl clientauth Options
Options
Value
catrustfile
<filename>
Description
Sets the CA Trusted Certificate file to <filename> for the
cluster. The <filename> must be a file containing a valid list
of one or more root- or intermediate-CA certificates; each certificate is encoded in base64 format.
If the certificate is an intermediate certificate, its root CA certificate must also be present in either a catrustfile or the cacertfile.
disabled
Disables SSL Client Certificate Authentication.
enabled
Enables SSL Client Certificate Authentication.

Enables or disables forwarding of client certificate to the target host as an HTTP header. The default is disabled.
format DERBase64 |PEM
Sets the format of the certificate to be forwarded as an HTTP

header. The default is X509 certificate in DER format base 64
encoded (DERBase64).
forwardclientcert
Notes
Examples
set cluster 1 listen ssl clientauth enabled
Enables client authentication for cluster 1.
set cluster 1 listen ssl clientauth cacertfile ca_cert_list
Sets the advertised CA file to be ca_cert_list for cluster 1.
set cluster 1 listen ssl clientauth cacertfile ca_crl_list
Sets the CA CRL to be ca_crl_list for cluster 1.
set cluster 1 listen ssl clientauth catrusttfile ca_trusted_list
Sets the CA trusted certificate file to be ca_trusted_list for cluster 1.
set cluster secure_001 listen ssl clientauth forwardclientcert headername
"CLIENT_CERT"
Sets the forward client certificate header name for the cluster secure_001 to be
CLIENT_CERT.
142
set cluster <name> name

Use the set cluster <name> name command to change the name of a cluster.
Roles
set cluster <name>
name
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-61 can be entered after the set cluster <name> name
<newname> command.
Table 3-61
Option
name
set cluster <name> name Option

Values
<newname>
Description
Change the name of an existing cluster to <newname>.
The new name must conform to the requirements outlined
in Cluster, Redirector, and Forwarder Naming Conventions on page 17.
Notes
Example
set cluster marketing name mkt-dept
Renames the cluster marketing to mkt-dept.
143
set cluster <name> owa

Purpose
Use the set cluster <name> owa command to enable or disable support for Outlook Web
Access (OWA). This command is only available on the E|X Enterprise Application Processor
product line.
Roles
set cluster <name>
owa
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-62 can be entered after the set cluster <name> owa command.
Table 3-62
set cluster <name> owa Option
Option
owa
Value
Description
Enables or disables the OWA methods.
Notes
Example
tx% set cluster 1 owa enabled
Enables Outlook Web Access support for cluster 1.
144
set cluster <name> stats history

Purpose
Use the set cluster <name> stats history command to set client to enable or disable the
collection of statistics history.
Roles
Role
set cluster <name>

stats history
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-63 can be entered after the set cluster <name> stats history
command.
Table 3-63
set cluster <name> stats history Option
Option
stats
Value
history
Description
Enables or disables the collection of statistics history.
Notes
Example
None
145
set cluster <name> sticky

Purpose
Use the set cluster <name> sticky command to set client to target sever bindings.
Roles
Role
set cluster <name>

sticky
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-64 can be entered after the set cluster <name> sticky command.
Table 3-64
Set Cluster <name> Sticky Options
Options
Value
distribution
<internet | intranet>
clientip
Defines the hashing method for using client IP for sticky connections. The default is internet. For optimum results, deployments with public-facing web sites should use internet
and deployments with intranet applications should use intranet.
timeout
Sets the time (in minutes) to keep the client IP bound to a

target host. The range is 1 to 43200. The default value is
120.
expire
Sets the time (in minutes) to keep the cookie valid. The allowable range of cookie expire values is 1 minute to
3,000,000 minutes (5.71 years). Setting the cookie expire
value to zero means that the cookies never expire.
cookie
mask
method
Description
iponly
Uses only the IP address to identify a target server.
ipport
Uses both the IP address and the port for identifying a target
server.
clientip
Uses clientip for binding clients to a target host.
cookie
Uses cookies for binding clients to a target host.
none
No sticky bindings. This is the default.
Notes
146
Examples
set cluster 1 sticky clientip timeout 1000
Sets the sticky (via clientip) timeout to 1000 minutes.
set cluster 1 sticky cookie expire 1000
Sets the sticky (via cookie) timeout to 1000 minutes.
set cluster 1 sticky method cookie
Uses cookies for binding clients to a target host.
set cluster 1 sticky method none
Disables sticky binding.
set cluster 1 sticky mask ipport
Uses an IP address and port to identify a target server.
set cluster 1 sticky clientip distribution intranet
Uses the hashing method designed for intranet deployment.
147
set cluster <name> target

Purpose
Use the set cluster <name> target command to set a target name or target host, tune a target
host, and/or to enable or disable the target host.
Roles
set cluster <name> target
host ip:port
host enabled/
disabled
host paused/
unpaused
localip
name
ssl
Admin
Network Admin
Role
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-65 can be entered after the set cluster <name> target command.
Table 3-65
set cluster <name> target Options
Options
host
148
Value
[all | <ip:port>]
Description
<blank>
Adds target host to cluster. All can be specified instead of IP and Port.
disabled
Disables cluster target host.
enabled
Enables cluster target host.
hardpause
Places the target host into a hard pause.

Halts all new client traffic to the target host,
and terminates all existing in-use traffic.
softpause
Places the target host into a hard pause.

Halts all new client traffic to the target host,
but allows all existing in-use traffic.
unpause
Removes the target host from a paused condition.
localip
<ip>
Sets the local IP to be used for communication with all the target hosts in this cluster.
name
<DNS Name>
Sets the cluster target name.
ssl
SSL configuration; refer to set cluster

<name> target ssl on page 150 for additional information.
tune
Tunes the target server parameters for the

cluster. For more information, see set cluster <name> target tune on page 152.
Notes
The settings for the hardpause, softpause, and unpause commands take place immediately.
The settings for the remainder of the commands will only take effect after a write operation.
Examples
set cluster 1 target host 10.0.22.3:80
Establishes a target host for cluster 1 at a specified IP address and port number.
set cluster 1 target host 66.218.71.87:80 enabled
Enables target server 66.218.71.87 in cluster 1.
set cluster 1 target host all enabled
Enables all target servers in cluster 1.
set cluster 1 target name foobar.com
Sets the domain name of the target host for cluster 1.
149
set cluster <name> target ssl

Purpose
Use the set cluster <name> target ssl command to establish SSL properties of target servers.
Roles
set cluster <name>
target ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-66 can be entered after the set cluster <name> target ssl
command.
Table 3-66
set cluster <name> target ssl Options
Options
Value
Description
certfile
<file>
Specifies the SSL certfile for cluster target connection.
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites
that conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for cluster target traffic.
common
Allows only the fastest cipher suites from both the strong and export
groups.
export
Allows only the lower-security cipher suites that are suitable for export.
file
Allows a user-defined list of SSL cipher suites to be used to configure an

SSL target.
strong
Allows only the highest security cipher suites that are suitable for use in the
United States.
ciphersuite
disabled
Disables SSL for cluster target traffic.
enabled
Enables SSL for cluster target traffic.
keyfile
<file>
keypass
protocol
timeout
150
Specifies the SSL keyfile for cluster target connections.

Specifies the SSL key pass phrase for cluster target connections.
sslv2
Specifies the SSL protocol type for cluster target traffic:

sslv23
sslv23: SSL Version 2; SSL Version 3; TLS Version 1
sslv3
tlsv1
tlsv1: TLS Version 1 only
<minutes>
Timeout in number of minutes. The default is 1440 minutes.
Notes
Examples
set cluster 1 target ssl enabled
Enables SSL encryption for cluster 1.
set cluster 1 target ssl ciphersuite all
Uses all SSL cipher suite types for cluster target traffic.
151
set cluster <name> target tune

Purpose
Use the set cluster <name> target tune command to start the target tuning tool. The purpose
of the target tuning tool is to enable you to easily set up the interaction with the target hosts and
to properly set up the cluster/system behavior for a custom environment. The target tuning tool
is a single CLI command that sets a number of configuration variables using a question and
answer format. This option is only available on the E|X Enterprise Network Processor.
Roles
set cluster <name>
target tune
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The set cluster <name> target tune command will prompt you for the options shown in
Table 3-67, Table 3-68, and Table 3-69.
Table 3-67
Target Application Tune Options
Options
Other*
Action
Selecting this option resets all the setting changes made by the
other selections for this item to their default value. The settings
that it affects are:
152
Disable Extended HTTP Methods

Disable WebDAV HTTP Methods
Disable Connection Binding
Disable compression of unauthorized responses
Disable compression of MIME type text/xml
Disable compression of MIME type text/x-component
Enable compression of MIME type text/plain
Set Standing Connection (sc) to six
Disable compression of MS Office documents
Reset the custom MIME type for application/pdf
Disable use of custom MIME types
Enable the use of the HTTP Vary header
Table 3-67
Target Application Tune Options
Options
OWA
Action
This option makes the following settings:
Enable Extended HTTP Methods for this cluster

Enable WebDAV HTTP Methods for this cluster
Enable Connection Binding
Enable compression of unauthorized responses for this cluster
Enable compression of MIME type text/xml serverwide
Enable compression of MIME type text/x-component serverwide
PeopleSoft
This option disables compression of MIME type "text/plain" serverwide
Domino 5

Enable Connection Binding for this cluster
Set Standing Connection (sc) to 0 (zero) serverwide
Domino 6
This option sets Standing Connection (sc) to two serverwide
JDE OneWorld
Enable compression of MS Office documents serverwide

Turn off the use of 2k (default value)
Set a custom MIME type for application/pdf serverwide
Enable use of custom MIME types serverwide
Disable the use of the HTTP Vary header serverwide
The tuning options for the Target Web Server type are:
Table 3-68
Target Web Server Tuning Options
Options
Action
Other*
Selecting this option disables protected TelnetClient tc3 support

serverwide.
Apache
Selecting this option enables protected TelnetClient tc3 support

serverwide.
IIS4
Selecting this option enables protected Internet Information Server support serverwide.
The tuning options for the NTLM Authentication are:

Table 3-69
NTLM Authentication Tuning Options
Options
Action
No*
Selecting this option disables connection binding for this cluster.
Yes
Selecting this option disables connection binding for this cluster.
153
Notes
Example
An example of a typical tuning tool session is shown below. The default answer for each of the
questions is marked with an asterisk (*):
% set cluster 1 target tune
This will help optimize the communication with the Target Hosts
within this cluster. It will help ensure that functionality is
maintained while providing the most possible benefit.
Please answer the following questions. Enter Control-C at any
time to exit without modification.
1)
1)
2)
3)
4)
5)
6)
Please select the Target Application

Other (*)
PeopleSoft
Domino5
Domino6
JDE
OWA
Enter Selection: 1
2)
1)
2)
3)
Please select the Target Web Server Type

Other (*)
Apache
IIS4
Enter Selection: 1
3) Is NTLM Authentication used?
N) No (*)
Y) Yes
Enter Selection: n
You have selected:
Target Application: Other
Target Web Server: Other
NTLM Authentication: No
Continue using these selections?
N) No, Start Over (*)
Y) Yes, Use these values
Enter Selection: y
Tuning based on your selections ...
Done.
(*) tx5
154
set cluster <name> transparency

Purpose
Use the set cluster <name> transparency command to enable or disable IP transparency. This
command is only available on the E|X Enterprise Application Processor.
Roles
Set cluster <name>
transparency
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-71 can be entered after the set cluster <name> transparency
command.
Table 3-70
set cluster <name> transparency Options
Options
disabled
enabled
Value
Description
Disables IP transparency (default).
Enables cluster logging.
1.This command is only available on an E|X Enterprise Application Processor.
Notes
Redline appliances operate in a secure reverse-proxy mode. In this mode, all incoming client
requests are terminated at the Redline appliance and multiplexed to a pool of predefined target
hosts that serve the content. When the Redline appliance provides connection multiplexing, the
Source IP (SIP) is replaced by the IP of the Redline appliance before the request is forwarded
to the target host. This is required to provide the connection multiplexing capability in the appliance. However, this may create unintended side effects:
The target host logs do not have the clients IP address any more.
Since to the target host, all requests look to originate from a single IP, it may perceive it
as an attack and close connections.
The set cluster <name> transparency command allows you to enable or disable client IP
transparency capability for a cluster configuration. Enabling transparency allows the target
hosts to see the source IP address of the originating connection. For more information, see
Client IP Transparency in the Integrating the E|X Into your Network chapter of the Installation
and Administration Guide.
155
Examples
set cluster 1 transparency enabled
Enables logging on cluster 1.
156
set cluster <name> weblog

Purpose
Use the set cluster <name> weblog commands to enable or disable cluster logging. The
formats in which the Web Log can be stored are shown in the notes.
Roles
set cluster <name>
weblog
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-71 can be entered after the set cluster <name> weblog
command.
Table 3-71
set cluster <name> weblog Options
Options
Value
Description
batch
This command configures cluster logging in Web Log Batch

mode. See set cluster <name> weblog batch on page 160
destination
This command determines whether web log entries will be

sent to the Syslog Server immediately (syslog) or in a batch
(batch). For information on the weblog batch commands,
refer to set cluster <name> weblog batch on page 160.
[syslog | batch]
disabled
Disables cluster logging.
enabled
Enables cluster logging.
format
common | combined | common_cn |

combined_cn | perf1
Sets the format for the Web Log.
syslog
host
<host IP Address>
Set cluster log host address.
syslog
port
<port>
Sets the port to which the weblog will be sent.

The default port is 514.
Notes
The appliance can be configured to transmit the logs to the Syslog server in one of two ways.
The default configuration is Immediate mode, where the Redline appliance immediately writes
a User Datagram Protocol (UDP) packet containing a web log to the configured syslog server
for each client request. Immediate mode can create a significant amount of extra network activity and does not allow the ability to save logs.
157
The alternative is Web Log Batch mode. In Web Log Batch mode, web logs are saved on the
Redline appliance and then copied off in bulk format. For more information, see set cluster
<name> weblog batch on page 160.
The user can select the format of the log from one of these five options:
Common: This is the Apache Common Logging Format (CLF). The information included in the log is:
remotehost remotelogname authuser [date] "request" status
bytes
Combined: This is a modification of CLF (common) format and adds the values of the
Referer and User-Agent HTTP headers in quotes:
remotehost remotelogname authuser [date] "request" status
bytes "Referer" "User-Agent"
Common_cn: This is a modification of CLF (common) format with the cluster name
prepended to the CLF format:
clustername remotehost remotelogname authuser [date] "request"
status bytes
Combined_cn: This is a modification of the combined format with the cluster name
prepended to the combined format:
clustername remotehost remotelogname authuser [date] "request"
status bytes "Referer" "User-Agent"
Perf1: This is a proprietary format that allows you to more easily monitor the performance of Redline Networks appliance compression and cache. The information included
in the log is:
remotehost [date] method url version status request-bytes precomp-bytes postcomp-bytes cachehit
The information fields included in the logs are defined in Table 3-72.
Table 3-72
Web Log Field Definitions
Field
Definition
remotehost
The remote hostname (or IP address if the DNS hostname is not available, or if
DNSLookup is Off).
remotelogname
The remote logname of the user.
authuser
The username with which the user authenticated himself.
[date]
The date and time of the request inside brackets ([]).
"request"
The request line exactly as it came from the client inside quotes (" ").
status
The HTTP status code returned to the client.
bytes
The content-length of the document transferred for response.
"referer"
The value of the Referer header inside quotes (" ").
"user-agent"
The value of the User-Agent header inside quotes (" ").
158
Table 3-72
Web Log Field Definitions
Field
Definition
clustername
The name of the cluster that received the request.
method
The request method.
url
The request URL.
version
The request version with the format "HTTP/<major>.<minor>" (without the

quotes).
request-bytes
The length of request content-body. This is applicable for POST, PUT, and certain WebDAV requests.
precomp-bytes
The content-length of the response document before compression.
postcomp-bytes
The content-length of the response document after compression.
cachehit
The number of Redline cache hits or cache misses.
Examples
set cluster 1 weblog enabled
Enables logging on cluster 1.
set cluster 2 weblog disabled
Disables logging on cluster 2.
set cluster 1 weblog syslog host 10.4.5.4
Sets cluster 1 log host address.
159
set cluster <name> weblog batch

Purpose
Use the set cluster <name> weblog batch commands to configure cluster logging in Web Log
Batch mode.
Roles
set cluster <name>
weblog batch
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-71 can be entered after the set cluster <name> weblog batch
command.
Table 3-73
set cluster <name> weblog batch Options
Options
compression
Value
Description
[enable | disable]
The web log can be sent to the syslog host in either native format or compressed in GZIP format. This command enables or
disables compression.
Forces an immediate copy of the Web Logs to the configured
syslog server.
copynow
Sets the size of the compressed file to copy (the size of the two
data buffers). The default value is 10 MBytes, and the range is
1 to 50 MBytes.
size
[val]
time
<1 | 2 | 3>
failure
retryinterval
[val]
host
[server]
Sets the host where the Web Log will be copied.
connecttest
This command is used to test the connection: (copies a one

byte test file).
copy
Sets the times for the Web Log to be transmitted to the configured syslog server. The format of [time] is HH:MM. Up to three
times can be configured for each day.
Sets the retry interval (in seconds) in case of copy failure. The
default value is 60 seconds; the range is 30 to 200 seconds).
directory
[directory]
Sets the remote scp target directory.
keyfile
[filename]
Sets the (non-password protected) private key. The private

key must then be captured using the capture command. (Refer to capture on page 31.
username
[user]
Sets the remote SCP username.
scp
160
[time]
Notes
Examples
None
161
set dns
Purpose
Use the set dns command to set the name service domain and the name server.
Roles
Role
set dns
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-74 can be entered after the set dns command.
Table 3-74
set dns Options
Options
Value
Description
domain
<DNS name>
Sets the name service domain.
server N
<IP Address>
Sets the name server; where N = 1, 2, or 3.
Notes
Examples
set dns domain www.foo.bar
Set DNS domain to a domain name.
set dns server 1 192.177.45.13
Set name server to an IP address.
162
set ether n
Purpose
Use the set ether N command to set the IP address, media, mtu, and netmask.
Roles
Role
set ether n
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-75 can be entered after the set ether n command.
Table 3-75
set ether n Options
Options
ip
Value
Description
<ip>
Sets the IP address.
media
<media description or #>
Sets media parameters. Supported media options are:

[1] 10baseT/UTP
[2] 10baseT/UTP full-duplex
[3] 100baseTX
[4] 100baseTX full-duplex
[5] autoselect
mtu
<MTU #>
Sets the interface Maximum Transmission Unit

(MYTU).
netmask
<IP mask>
Sets the netmask.
Notes
Ether N may be ether 0 or ether 1.
Ether 0 is for user traffic and in-band administration.
Ether 1 is for heart beat traffic ensuring that the appliance is active and there is no need
to cut over to the standby appliance.
The administrative interface can be all interfaces or those specified by the set admin interface
command. The setting for media must exactly match the switch to which the appliance is
attached. If the switch is managed and has explicit settings, choose the exact speed and setting.
If the switch is un-managed, choose auto negotiate. The MTU (Maximum Transmission Unit)
should be set to 1500 for Ethernet.
DO NOT change this value unless your switch and network are configured to work
with a different MTU.
163
Examples
set ether 0 ip 10.44.5.5
Sets the ether 0 IP address.
set ether 1 media 100baseTX full-duplex
Sets ether 1 media type to 100 BaseTX.
set ether 1 media 5
Changes the media for ether 1 to auto-select.
164
set forwarder <name>

Purpose
A forwarder is used to forward non-HTTP TCP traffic (for instance, SMTP traffic).
Use the set forwarder <name> listen command to set the address or port for forwarder
listening.
Use the set forwarder <name> name command to rename a forwarder.
Use the set forwarder <name> target command to establish a target host, and/or enable
or disable that host.
Use the set forwarder <name> weblog command to set the host or logging for a forwarder.
Roles
Role
description
dsr
listen
name
target
weblog
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-76 can be entered after the set forwarder <name> command.
Table 3-76
set forwarder <name> Options
Options
Value
Description
description
<description>
dsr
Enables or disables Direct Server Return for the

[disabled | enabled] named forwarder.
port
<Port number>
listen ssl
vip
name
Add a description to forwarder <name>.
Set the forwarders listen port; this should usually be

set to 80. The default is port 80.
See set forwarder <name> listen ssl on page 167.
<ip>
Set the forwarders virtual IP address.
<new name>
Rename a forwarder from <name> to <new name>.
165
Table 3-76
set forwarder <name> Options
Options
Value
Description
Adds the IP address and the port for the forwarder target.
host
<ip:port>
Disables the forwarder target host.

Enables the forwarder target host.
target
localip
<ip>
ssl
Set the local IP address to be used for communication

with all the target hosts in this forwarder.
Refer to set forwarder <name> target ssl on
page 170.
Notes
The description is limited to 512 characters of free-form text, but can not include newlines. This
allows administrators to fully describe the forwarder usage, contact information, warnings, or
any other pertinent information they deem necessary.
Examples
set forwarder 1 listen port 25
Sets forwarder 1 listen port to 25.
set forwarder foo target host 192.168.22.4:25
Adds a target host to forwarder foo.
set forwarder 1 target host enabled
Enables the target host for forwarder 1.
166
set forwarder <name> listen ssl

Purpose
Use set forwarder <name> listen ssl to establish properties of a forwarders listen SSL traffic.
Roles
Role
Admin

listen ssl
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-77 can be entered after the set forwarder <name> listen ssl
command.
Table 3-77
set forwarder <name> listen ssl Options
Options
Value
Description
certfile
<filename>
Specifies the SSL certfile for forwarder listen connections.
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of

cipher suites that conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for forwarder listen traffic.
common
Allows only the most commonly used cipher suites from both
the strong and export groups.
export
Allows only the lower security suites that have been traditionally available for export.
file
Allows a user-defined list of SSL cipher suites to be used to

configure an SSL forwarder.
strong
Allows only the highest security cipher suites that have only
been traditionally available in the United States.
ciphersuite
167
Table 3-77
set forwarder <name> listen ssl Options
Options
Value
authtype
cacertfile
[local | none]
Enables or disables client authentication for forwarder <name>.

specified, the local and remote authentication are disabled.
This option (none) may be used in situations where a client
certificate needs to be forwarded to the target host.
<filename>
Sets the advertised Certificate Authority (CA) file as <filename>

for the forwarder. The <filename> must contain a list of one
or more valid CA certificates that are self-signed or signed by:
All certificate entries in this file must be in base64-encoded format.
<filename>
Sets the CA Certificate Revocation List (CRL) as <filename>

for the forwarder. The <filename> must be a list of one or
more valid CRLs containing certificates signed by one of the
CAs listed in the trusted CA certificate file. All CRL entries not
corresponding to an entry in the trusted CA certificate file are
ignored.
<filename>
Sets the CA Trusted Certificate file to <filename> for the forwarder. The <filename> must be a file containing a valid list
of one or more root- or intermediate-CA certificates; each certificate is encoded in base64 format.
If the certificate is an intermediate certificate, its root CA certificate must also be present in either a catrustfile or the cacertfile.
clientauth
cacrlfile
catrustfile
Description
disabled
Disables SSL client authentication for the listen traffic
enabled
Enables SSL client authentication for the listen traffic
disabled
Disables SSL for forwarder listen traffic.
enabled
Enables SSL for forwarder listen traffic.
ephkeyfile
<ephkeyfile>
ephkeypass
keyfile
Specifies the ephemeral key pass phrase.

<filename>
keypass
protocol
Specifies the SSL ephemeral keyfile.

Specifies the SSL keyfile for forwarder listen traffic.
Specifies the SSL key pass phrase for forwarder listen traffic.
sslv2
Specifies the SSL protocol type for forwarder listen traffic:

sslv23
sslv23: SSL Version 2; SSL Version 3: TLS Version 1
sslv3
tlsv1
Notes
The ephemeral key is a debugging aid for export ciphers. The ephemeral keyfile must be a
512-bit RSA key in OpenSSL PEM (base-64) format and, if encoded, must match the password.
The 512-bit RSA key must reside in the file /usr/rl/etc/forwarder/ephpass.pem.
168
The SSL key pass phrase (keypass) is not copied as part of the configuration file on the new
partition during an upgrade. You can import the keypass by typing command:
%set forwarder <n> listen ssl keypass <key password>

Examples
set forwarder 1 listen ssl certfile certfile.dat
Sets the forwarder 1 listen SSL certfile to certfile.dat.
set forwarder 1 listen ssl keypass
Sets the forwarder 1 listen SSL pass phrase (prompted).
set forwarder 1 listen ssl ciphersuite export
Sets the forwarder 1 listen SSL ciphersuite to export.
169
set forwarder <name> target ssl

Purpose
Use the set forwarder <name> target ssl command to establish SSL properties of target
servers.
Roles
set forwarder <name> target
ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-78 can be entered after the set forwarder <name> target ssl
command.
Table 3-78
set forwarder <name> target ssl Options
Options
Value
Description
certfile
<file>
Specifies the SSL certfile for forwarder target connection.
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites
that conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for forwarder target traffic.
common
Allows only the fastest cipher suites from both the strong and export
groups.
export
Allows only the lower-security cipher suites that are suitable for export.
file
Allows a user-defined list of SSL cipher suites to be used to configure an

SSL target.
strong
Allows only the highest security cipher suites that are suitable for use in the
United States.
ciphersuite
disabled
Disables SSL for forwarder target traffic.
enabled
Enables SSL for forwarder target traffic.
keyfile
<file>
keypass
protocol
170
Specifies the SSL keyfile for forwarder target connections.

Specifies the SSL key pass phrase for forwarder target connections.
sslv2
Specifies the SSL protocol type for forwarder target traffic:

sslv23
sslv3
tlsv1
Table 3-78
set forwarder <name> target ssl Options
Options
Value
timeout
<time>
Description
Sets the SSL session timeout (in minutes) for the forwarders target traffic.
Notes
Examples
set forwarder 1 target ssl enabled
Enables SSL encryption for forwarder 1.
set forwarder 1 target ssl ciphersuite all
Uses all SSL cipher suite types for forwarder target traffic.
171
set health remotehost

Purpose
Use the set health remotehost command to set parameters relating to connectivity failover.
Roles
Role
set health remotehost
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-79 can be entered after the set health remotehost command.
Table 3-79
set health remotehost Options
Options
Value
Description
disabled
Disables connectivity failover.
enabled
Enables connectivity failover.
host
[ip]
Adds an IP address to health check.
interval
[seconds]
Sets the health check interval (how often to

send the health checks).
minhostsfailing
[count]
Sets the count for minimum number of hosts

failing.
retry
[count]
Sets the maximum number of attempts before

health check considers the host down.
timeout
[seconds]
Sets the health check timeout (how long to

wait for a response).
Notes
Example
None
172
set hostname
Purpose
Use the set hostname command to set the host name.

Roles
Role
set hostname
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-80 can be entered after the set hostname command.
Table 3-80
set hostname Option
Option
<host name>
Description
Name of the host.
Notes
The settings made by this command will only take effect after a write operation. The host name
must be fully-qualified.
Example
set hostname www.foobar.com
Sets the host name.
173
set ntp
Purpose
Use the set ntp command to set the NTP server or daemon.
Roles
Role
set ntp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-81 can be entered after the set ntp command.
Table 3-81
set ntp Options
Options
Value
down
server N
Description
Turns off the NTP daemon.
<hostname/IP Address>
up
Sets the NTP server N, where N = 1, 2 or 3.

Turns on the NTP daemon.
Notes
Setting ntp up or down takes effect immediately, without a write command. Issuing a write
command saves the change so that it is preserved between reboots.
Examples
set ntp server 1 www.foobar.com
Sets the NTP server.
set ntp up
Turns on the NTP daemon.
174
set password
Purpose
Use the set password command to set the logged-in users password.
Roles
Role
set password
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-82 can be entered after the set password command.
Table 3-82
set password Option
Option
None
Description
You are prompted for the password.
Notes
This command takes effect immediately.

Individual users are only allowed to change their own password. The Super Admin is allowed
to change any users password using the set user <name> command (refer to set user <name>
on page 196 for additional information).
You are prompted for the old password before you are allowed to set the new password.
Example
set password
Changes the password. An example of the output is:
tx2% set password
Old password: ******
New password: *******
Retype new password: *******
tx2%
175
set redirector <name>

Purpose
Use the set redirector <name> command to set properties for the redirector. This feature is
only available on the E|X Enterprise Application Processor product line.
Roles
customurl, enabled, disabled, dsr,
host, port, protocol, url method
listen
name
note
listen ssl
Admin
Network Admin
Role
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-83 can be entered after the set redirector <name> command.
Table 3-83
set redirector <name> Options
Options
Value
Description
customurl
<URL string>
Sets the URL for redirecting. Only used when the URL method
is set to custom.
description
<description>
Add a description to Redirector <name>.
disabled
dsr
Disables the redirector.

enabled
Enables the use of Direct Server Return (DSR).
disabled
Disables the use of Direct Server Return (DSR).
enabled
Enables the redirector.
host
<hostname or IP Address>
Sets the redirector request host name or IP address.

Redirector listen configuration. Refer to set redirector
<name> listen on page 178 for additional information.
listen
name
<new name>
Change the name of a redirector from <name> to <new

name>.
port
<port number>
Sets the port for redirect requests. The default is port 443.
http
Redirects requests to use HTTP protocols.
https
Redirects requests to use HTTPS protocols. Default is set to

HTTPS.
custom
Redirects requests to a custom page as defined in customurl.
request
Redirects to the same page as the original request. Default is

set to request.
protocol
urlmethod
176
Notes
The settings made by this command will only take effect after a write operation. The redirector
must be enabled before requests will be redirected.
The description is limited to 512 characters of free-form text, but can not include newlines. This
allows administrators to fully describe the redirectors usage, contact information, warnings, or
any other pertinent information they deem necessary.
Examples
set redirector 1 host 205.178.13.100
Sets the redirector 1 host to be 205.178.13.100.
set redirector 1 port 443
Redirects requests to port 443.
177
set redirector <name> listen

Purpose
Use the set redirector <name> listen command to set the listen properties for the redirector.
This establishes a virtual IP address, port, or SSL configuration for a server redirectors traffic.
Roles
set redirector <name> listen
Role
port
ssl
vip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-84 can be entered after the set redirector <name> listen
command.
Table 3-84
set redirector <name> listen Options
Options
port
Value
<port number>
Sets the redirector listen port. Default is port 80.

SSL configuration. Refer to set redirector <name> listen
ssl on page 179 for additional information.
ssl
vip
Description
<ip>
Sets the redirector listen virtual IP address.
Notes
Examples
set redirector 1 listen vip 205.178.13.100
Sets the redirector 1 listen virtual IP address to 205.178.13.100.
set redirector 1 listen port 80
Sets the redirector 1 listen port to 80.
178
set redirector <name> listen ssl

Purpose
Use the set redirector <name> listen ssl command to establish properties of the redirector SSL
listen traffic. This feature is only available on the E|X Enterprise Application Processor product
line.
Roles
Role
Admin

listen ssl
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-85 can be entered after the set redirector <name> listen ssl
command.
Table 3-85
set redirector <name> listen ssl Options
Options
Value
Description
certfile
<file>
Specifies the SSL certfile for redirectors listen connection.
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites that conform to the OpenSSL standard.
all
Allows all support SSL cipher suites for redirector listen traffic.
common
Allows only the fastest cipher suites from both the strong and export groups.
export
Allows for the lower security cipher suites that are suitable for export.
file
Allows a user-defined list of SSL cipher suites to be used to configure a redirector.
strong
Allows only the highest security cipher suites that are suitable for
use in the United States.
ciphersuite
179
Table 3-85
set redirector <name> listen ssl Options
Options
Value
authtype
cacertfile
[local | none]
Enables or disables client authentication for redirector <name>.

specified, the local and remote authentication are disabled. This
option (none) may be used in situations where a client certificate
needs to be forwarded to the target host.
<filename>
Sets the advertised Certificate Authority (CA) file as <filename>

for the redirector. The <filename> must contain a list of one or
more valid CA certificates that are self-signed or signed by:
All certificate entries in this file must be in base64-encoded format.
<filename>
Sets the CA Certificate Revocation List (CRL) as <filename> for

the redirector. The <filename> must be a list of one or more
valid CRLs containing certificates signed by one of the CAs listed
in the trusted CA certificate file. All CRL entries not corresponding
to an entry in the trusted CA certificate file are ignored.
<filename>
Sets the CA Trusted Certificate file to <filename> for the redirector. The <filename> must be a file containing a valid list of
one or more root- or intermediate-CA certificates; each certificate
is encoded in base64 format.
If the certificate is an intermediate certificate, its root CA certificate
must also be present in either a catrustfile or the cacertfile.
clientauth
cacrlfile
catrustfile
Description
disabled
Disables SSL client authentication for the listen traffic
enabled
Enables SSL client authentication for the listen traffic
disabled
Disables SSL for redirector listen traffic.
disabled
Disables SSL for redirector listen traffic.
enabled
Enables SSL for redirector listen traffic.
ephkeyfile
<ephkeyfile>
Specifies the ephemeral key pass phrase for redirector listen traffic.
ephkeypass
keyfile
<file>
keypass
protocol
Specifies the SSL ephemeral keyfile for redirector listen traffic.
Specifies the SSL keyfile for redirector listen traffic.

Specifies the SSL key pass phrase for redirector listen traffic.
sslv2
Specifies the SSL protocol types for redirector listen traffic:

sslv23
sslv3
ssl3: SSL Version 3 only
tlsv1
Notes
The ephemeral key is a debugging aid for export ciphers. The ephemeral keyfile must be a 512bit RSA key in OpenSSL PEM (base-64) format and, if encoded, must match the password.
180

Examples
set redirector 1 listen ssl certfile certfile.dat
Sets the redirector 1 listen SSL certfile to certfile.dat.
set redirector 1 listen ssl keypass
Sets the redirector 1 listen SSL pass phrase (prompted).
set redirector 1 listen ssl ciphersuite export
Sets the redirector 1 listen SSL ciphersuite to export.
181
set route
Purpose
Use the set route command to set the default route

Roles
Role
set route
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-86 can be entered after the set route command.
Table 3-86
set route Option
Option
default
Description
Sets the default route.
Notes
This command takes effect immediately. To add a route, refer to add route on page 28 for
Example
set route default 10.8.8.8
Sets the default route to the device to a specified address.
182
set server
Purpose
Use the set server command to turn the Redline server on or off, and to configure server
parameters.
Roles
set server
up | down
customip
logheader
failover
maxconns
reversepath
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-87 can be entered after the set server command.
Table 3-87
set server Options
Options
Value
customiplogheader
Description
Use the set server customiplogheader command to set
the custom HTTP header that will be added along with the
clients original IP at the clients request. The header can
either be a literal or a custom field in which the appliance
will insert the origin clients IP address. Refer to the Logging chapter of the Installation and Administration Guide
for additional information.
<header>
down
Turns off the Redline server (this does not power-down

the appliance).
failover
Refer to the description in set server failover on

forwardclientcert
headername
maxconns
<value>
<header>
Sets the custom HTTP header used for SSL client certificate forwarding.
Sets the maximum number of simultaneous connections
that the appliance can support.
reversepath
Refer to the description in set server reversepath on

up
Turns on the Redline server.

Notes
Setting the Server up or down will take effect immediately after the command is executed. The
remainder of the settings in this section will only take effect after a write operation.
183
Setting cusomiplogheader to X-Forwarded-For allows you to override the REMOTE_ADDR

HTTP variable that BEA Weblogic uses to look up client IP addresses. To do so, set XForwarded-For to the client's IP address, then set the customiplogheader to X-ForwardedFor.
The range of simultaneous connections that each type of appliance can support is shown in
Table 3-88.
Table 3-88
Range of Simultaneous Connections

Simultaneous Connections
Part Number
Minimum
Maximum
T|X 2200
5,000
50,000
E|X 3200
5,000
50,000
T|X 2600
5,000
500,000
E|X 3600
5,000
500,000
Examples
set server up
Starts the server.
set server down
Stops the server.
set server maxconns 350000
Sets the maximum number of simultaneous connections to be 350,000.
set server customiplogheader rlnclientipaddr
Uses the rlnclientipaddr argument as a field to insert the IP address.
184
set server failover

Purpose
Use the set server failover command to enable or disable the Redline server failover. The first
server established with failover is the active server; the second is the standby server.
Roles
set server
failover
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-89 can be entered after the set server failover command.
Table 3-89
set server failover Options
Options
Value
Description
disabled
Disables the Redline server fail-over.
enabled
Enables the Redline server fail-over.
linkfail
vmac
count
Failover link failure count. The default is four.
pollinterval
Failover link failure poll interval in milliseconds.

The default is 500.
enabled
Enables the fail-over with a Virtual MAC (vmac) option.
disabled
Disables the fail-over with a Virtual MAC (vmac) option.
id
Failover Virtual MAC (vmac) ID. The valid range is one to 255,
and the default is zero.
Notes
Both the active and the stand-by appliances should have this option enabled, and both units
should have the same cluster and forwarder settings.
Examples
set server failover enabled
Enables the Redline server failover.
set server failover disabled
Disables the Redline server failover.
185
set server reversepath

Purpose
Use the set server reversepath command to allow routes to be added when packets come back
from a node that does not appear in the appliances routing table.
Roles
set server reversepath
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-90 can be entered after the set server reversepath command.
Table 3-90
Options
set server reversepath Options

Value
Description
disabled
Disables the reversepath feature (default).
enabled
Enables the reversepath feature.
maxroutes
timeout
<number>
Configures the maximum number of routes that can be added

with reversepath. The minimum number is one, the maximum
is 500, and the default value is 20.
<seconds>
Configures the timeout value for the entries added by reversepath. Routes will be deleted after this interval of inactivity. The minimum timeout value is one second, the maximum
value is 5000 seconds, and the default is 45 seconds.
Notes
The settings made by this command will only take effect after the write command has been
given.
Examples
186
set slb
Purpose
Use the set slb commands to configure the internal Server Load Balancer.
Roles
set slb
Role
disabled | enabled
failover
group
sticky
session
advanced reset
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-91 can be entered after the set slb command.
Table 3-91
set slb Options
Options
Values
client
Description
<enabled |
disabled>

sent to the client to indicate that the connection
has been terminated. Enables or disables the
sending of resets to the client. The default value
is enabled.
<enabled |
disabled>

sent to the server to indicate that the connection
has been terminated. Enables or disables the
sending of resets to the server. The default value
is enabled.
advanced reset
server
disabled
Stops the Server Load Balancer. The default is

disabled.
enabled
Starts the Server Load Balancer.
187
Table 3-91
set slb Options
Options
bindaddr
failover
188
Values
<ip addr>
Description
Sets the bind address for the failover mechanism.
disabled
Disables the failover mechanism.
enabled
Enables the failover mechanism.
forcemaster
<enabled |
disabled>
Enabling the forcemaster allows a switch to

snatch the active status from another switch of
higher nodeid.
Enables or disables the forcemaster. The default
value is disabled.
mcastaddr
<ip addr>
Sets the multicast address for the failover mechanism.
nodeid
<number |
auto>
Sets the nodeid of the SLB failover unit. Setting

nodeid to auto results in the nodeid being generated automatically. The default is auto.
port peer
<port>
Sets the port for failover communication. The default is 9200.
vmac
<enabled |
disabled>
Enables or disables the use of Virtual MAC on

the interface. The default is disabled.
vmac id
<id>
Sets the Virtual Router ID of the failover unit. The

parameter id is a number between one and 255,
both inclusive. The default is one.
Table 3-91
set slb Options
Options
Values
Description
<half | full>
Sets the full or half Network Address Translation

(NAT) policy for the switch group. The default is
full.
nat port
<start | end>
<value>
Sets the ports from an SLB group that can be

NAT-ed. Since the L4S switch can operate in
DSR mode, it may not see the packets going
from target host to the client. This makes it difficult for the L4 switch to track the connection
state, so it uses a timer to purge the sessions.
The start value should be between 0 - 65535.
The end value should be between 0 - 65535, and
be greater then the start port value. The default
NAT start port is 1024 and the default NAT end
port is 8000.
protocol
<tcp | udp>
Sets a protocol for the switch group. The default

is TCP.
<roundrobin* |
leastconn |
bkupchain |
weightedrr |
maxconn>
Sets the load balancing policy for the switch NAT

group. The default is roundrobin.
Using 'roundrobin' results in the next active target host in the cluster being picked up. So, if
there are three new requests, and three active
target hosts in the cluster; each target host will
service one request.
The 'leastconn' policy uses Redlines fewest
outstanding requests algorithm.
With Backup Chaining, whenever a new connection request comes in, the first active target
host in the list is picked up. This makes the ordering of the target hosts important. Target
hosts have to be added in order of decreasing
importance.
With the Weighted Round-robin policy, the
servers are chosen semi-sequentially, based
on their weight. The larger the weight, the higher the probability of the server being chosen.
Maxconn assigns a specified maximum number of concurrent connections to each target
host in sequence.
sticky
<enabled |
disabled>
Enables stickiness of a particular client to a

server within a group. Stickiness results in a client always being connected to the same server
(if reconnected before the timeout). The default
is disabled.
targethost
<ip:port>
Sets a new target host with a Real IP address.
healthcheck
smtp
<enabled |
disabled>
Enables or disables SMTP health checking for a

group. The default is disabled.
targethost
<ip:port | all>
maxconn
<number>
Sets the maximum number of concurrent connections per targethost when the maxconn load
balancing policy is in effect.
nat
<name>
group
policy
<name |
all>
189
Table 3-91
set slb Options
Options
Values
Description
down
<seconds>
Sets the health check interval when the target

hosts are down. The default value is 10 seconds.
syn
<seconds>
Sets the health check interval for TCP SYN. The

default value is 5 seconds.
<seconds>
Periodic health checks of the target servers are

conducted to check their status. Health check is
a default feature and it cannot be turned off.
Sets the health check interval when the target
hosts are up. The default value is 20 seconds.
<number>
Sets the maximum number of health check tries

before giving up. The default value is three tries.
ackwait
<seconds>
Sets the timeouts for the ackwait sessions. A

ackwait is a session with a three-way handshake
not terminated (SYN sent by client and waiting
for a SYN/ACK from the server or SYN sent by
client and SYN/ACK sent by the server, but waiting for an ACK from the client). The default value
is 10 seconds.
active
<seconds>
Sets the timeouts for the active sessions. The

default value is 100 seconds.
<seconds>
Sets the timeouts for the closewait sessions. A

closewait is a session that is waiting to be
closed, but has not closed as of yet. The default
value is 15 seconds.
interval
healthcheck
up
maxtries
session timeout
closewait
<disabled | enabled>
Stickiness results in a client always being connected to the same server (if reconnected before
the timeout). The default setting is disabled.
<timeout>
Sets the timeout for the stickiness of a particular client to a server. The default value is 120
minutes.
sticky
<minutes>
Notes
The set slb enabled and set slb disabled options take effect immediately, however
a write operation in needed to make the change persistent. The remainder of the settings made
by this command will only take effect after a write operation.
See the Server Load Balancing chapter of the Installation and Administration Guide for
complete information on Server Load Balancing policies.
Examples
% add slb group 192.168.15.62:999
Group 1 created
Add a group of IP 192.168.15.62 and port 999.
% set slb group 1 targethost 192.168.15.66:80
Adds target server 192.168.15.66 port 80 into this group.
190
% set slb group 1 nat full

Sets the group 1 to full nat.
% set slb group 1 nat end 9124
% set slb group 1 nat end 1234
Sets the nat port range from 1234 to 9124 (both numbers included).
% set slb group 1 policy round-robin
Sets the group policy to round robin.
191
set sync group <name>

Purpose
Use the set sync group command to configure a synchronization group for configuration
synchronization.
Roles
Role
set sync group <name>
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-92 can be entered after the set sync group <name> command.
Table 3-92
set sync group <name> Options
Options
description
member
<memberid>
Value
<description>
Adds a description for a synchronization

group.
password
Sets the password for a synchronization

group member.
port
Sets the port for a synchronization group

member.
user
name
override
<username>
Sets the user name for a synchronization

group member. The default user name is
redline.
<newname>
Renames a synchronization group member.
disabled
Disables the use of the group override

file. the default is disabled.
enabled
Enables the use of the group override file.
filename
timeout
Description
<filename>
Sets the name for the group override file.
<time>
Set a synchronization groups per-member timeout.
Notes
For each of the commands, <memberid> is either <hostname:port> or <ip:port>.
Examples
None
192
set timezone
Purpose
Use the set timezone command to set the servers time zone.
Roles
Role
set timezone
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-93 can be entered after the set timezone command.
Table 3-93
set time zone Option
Option
<time zone>
Description
The server time zone
Notes
The time zone settings are shown in Table 3-94. Use the show timezone list command (refer to
show timezone on page 308) to get a full list of time zones to see what your local zone is
called.
Table 3-94
Time Zones
Time Zones
Africa/Adibjan
America/Dominica
Antarctica/Mawson
Atlantic/Azores
Europe/Riga
Africa/Accra
America/Edmonton
Antarctica/McMurdo
Atlantic/Faeroe
Europe/Rome
Africa/Addis_Ababa
America/Eirunepe
Antarctica/Palmer
Atlantic/Jan_Mayen
Europe/Samara
Africa/Algiers
America/El_Salvador
Antarctica/South_Pole
Atlantic/Madeira
Europe/San_Marino
Africa/Asmera
America/Fortaleza
Antarctica/Syowa
Atlantic/Reykjavik
Europe/Sarajevo
Africa/Bamako
America/Glace_Bay
Antarctica/Vostok
Atlantic/South_Georgia
Europe/Simferopol
Africa/Bangui
America/Godthab
Arctic/Longyearbyen
Atlantic/St_Helena
Europe/Skopje
Africa/Banjul
America/Goose_Bay
Asia/Aden
Atlantic/Stanley
Europe/Sofia
Africa/Bissau
America/Grand_Turk
Asia/Almaty
Australia/Adelaide
Europe/Stockholm
Africa/Blantyre
America/Grenada
Asia/Amman
Australia/Brisbane
Europe/Tallinn
Africa/Brazzaville
America/Guadeloupe
Asia/Anadyr
Australia/Broken_Hill
Europe/Tirane
Africa/Bujumbura
America/Guatemala
Asia/Aqtau
Australia/Darwin
Europe/Uzhgorod
Africa/Cairo
America/Guayaquil
Asia/Aqtobe
Australia/Hobart
Europe/Vaduz
Africa/Casablanca
America/Guyana
Asia/Ashgabat
Australia/Lindeman
Europe/Vatican
Africa/Ceuta
America/Halifax
Asia/Baghdad
Australia/Lord_Howe
Europe/Vienna
193
Table 3-94
Time Zones
Time Zones
Africa/Conakry
America/Havana
Asia/Bahrain
Australia/Melbourne
Europe/Vilnius
Africa/Dakar
America/Hermosillo
Asia/Baku
Australia/Perth
Europe/Warsaw
Africa/Dar_es_Salaam
America/Indianapolis
Asia/Bangkok
Australia/Sydney
Europe/Zagreb
Africa/Djibouti
America/Inuvik
Asia/Beirut
Etc/GMT
Europe/Zaporozhye
Africa/Douala
America/Iqaluit
Asia/Bishkek
Etc/GMT+0
Europe/Zurich
Africa/El_Aaiun
America/Jamaica
Asia/Brunei
Etc/GMT+1
Indian/Antananarivo
Africa/Freetown
America/Jujuy
Asia/Calcutta
Etc/GMT+10
Indian/Chagos
Africa/Gaborone
America/Juneau
Asia/Choibalsan
Etc/GMT+11
Indian/Christmas
Africa/Harare
America/La_Paz
Asia/Chongqing
Etc/GMT+12
Indian/Cocos
Africa/Johannesburg
America/Lima
Asia/Colombo
Etc/GMT+2
Indian/Comoro
Africa/Kampala
America/Los_Angeles
Asia/Damascus
Etc/GMT+3
Indian/Kerguelen
Africa/Khartoum
America/Louisville
Asia/Dhaka
Etc/GMT+4
Indian/Mahe
Africa/Kigali
America/Maceio
Asia/Dili
Etc/GMT+5
Indian/Maldives
Africa/Kinshasa
America/Managua
Asia/Dubai
Etc/GMT+6
Indian/Mauritius
Africa/Lagos
America/Manaus
Asia/Dushanbe
Etc/GMT+7
Indian/Mayotte
Africa/Libreville
America/Martinique
Asia/Gaza
Etc/GMT+8
Indian/Reunion
Africa/Lome
America/Mazatlan
Asia/Harbin
Etc/GMT+9
Pacific/Apia
Africa/Luanda
America/Mendoza
Asia/Hong_Kong
Etc/GMT-0
Pacific/Auckland
Africa/Lubumbashi
America/Menominee
Asia/Hovd
Etc/GMT-1
Pacific/Chatham
Africa/Lusaka
America/Merida
Asia/Irkutsk
Etc/GMT-10
Pacific/Easter
Africa/Malabo
America/Mexico_City
Asia/Istanbul
Etc/GMT-11
Pacific/Efate
Africa/Maputo
America/Miquelon
Asia/Jakarta
Etc/GMT-12
Pacific/Enderbury
Africa/Maseru
America/Monterrey
Asia/Jayapura
Etc/GMT-13
Pacific/Fakaofo
Africa/Mbabane
America/Montevideo
Asia/Jerusalem
Etc/GMT-14
Pacific/Fiji
Africa/Mogadishu
America/Montreal
Asia/Kabul
Etc/GMT-2
Pacific/Funafuti
Africa/Monrovia
America/Montserrat
Asia/Kamchatka
Etc/GMT-3
Pacific/Galapagos
Africa/Nairobi
America/Nassau
Asia/Karachi
Etc/GMT-4
Pacific/Gambier
Africa/Ndjamena
America/New_York
Asia/Kashgar
Etc/GMT-5
Pacific/Guadalcanal
Africa/Niamey
America/Nipigon
Asia/Katmandu
Etc/GMT-6
Pacific/Guam
Africa/Nouakchott
America/Nome
Asia/Krasnoyarsk
Etc/GMT-7
Pacific/Honolulu
Africa/Ouagadougou
America/Noronha
Asia/Kuala_Lumpur
Etc/GMT-8
Pacific/Johnston
Africa/Porto-Novo
America/Panama
Asia/Kuching
Etc/GMT-9
Pacific/Kiritimati
Africa/Sao_Tome
America/Pangnirtung
Asia/Kuwait
Etc/GMT0
Pacific/Kosrae
Africa/Timbuktu
America/Paramaribo
Asia/Macau
Etc/UCT
Pacific/Kwajalein
Africa/Tripoli
America/Phoenix
Asia/Magadan
Etc/Greenwich
Pacific/Majuro
Africa/Tunis
America/Port-au-Prince
Asia/Makassar
Etc/Universal
Pacific/Marquesas
Africa/Windhoek
America/Port_of_Spain
Asia/Manila
Etc/Zulu
Pacific/Midway
America/Adak
America/Porto_Velho
Asia/Muscat
Europe/Amsterdam
Pacific/Nauru
America/Anchorage
America/Puerto_Rico
Asia/Nicosia
Europe/Andorra
Pacific/Niue
America/Anguilla
America/Rainy_River
Asia/Novosibirsk
Europe/Athens
Pacific/Norfolk
America/Antigua
America/Rankin_Inlet
Asia/Omsk
Europe/Belfast
Pacific/Noumea
America/Araguaina
America/Recife
Asia/Oral
Europe/Belgrade
Pacific/Pago_Pago
America/Aruba
America/Regina
Asia/Phnom_Penh
Europe/Berlin
Pacific/Palau
America/Asuncion
America/Rio_Branco
Asia/Pontianak
Europe/Bratislava
Pacific/Yap
America/Barbados
America/Santiago
Asia/Pyongyang
Europe/Brussels
Pacific/Pitcairn
America/Belem
America/Santo_Domingo
Asia/Qatar
Europe/Bucharest
Pacific/Ponape
America/Belize
America/Sao_Paulo
Asia/Qyzylorda
Europe/Budapest
Pacific/Port_Moresby
194
Table 3-94
Time Zones
Time Zones
America/Boa_Vista
America/Scoresbysund
Asia/Rangoon
Europe/Chisinau
Pacific/Rarotonga
America/Bogota
America/Shiprock
Asia/Riyadh
Europe/Copenhagen
Pacific/Saipan
America/Boise
America/St_Johns
Asia/Saigon
Europe/Dublin
Pacific/Tahiti
America/Buenos_Aires
America/St_Kitts
Asia/Sakhalin
Europe/Gibraltar
Pacific/Tarawa
America/Cambridge_Bay
America/St_Lucia
Asia/Samarkand
Europe/Helsinki
Pacific/Tongatapu
America/Cancun
America/St_Thomas
Asia/Seoul
Europe/Istanbul
Pacific/Truk
America/Caracas
America/St_Vincent
Asia/Shanghai
Europe/Kaliningrad
Pacific/Wake
America/Catamarca
America/Swift_Current
Asia/Singapore
Europe/Kiev
Pacific/Wallis
America/Cayenne
America/Tegucigalpa
Asia/Taipei
Europe/Lisbon
SystemV/AST4
America/Cayman
America/Thule
Asia/Tashkent
Europe/Ljubljana
SystemV/AST4ADT
America/Chicago
America/Thunder_Bay
Asia/Tbilisi
Europe/London
SystemV/CST6
America/Chihuahua
America/Tijuana
Asia/Tehran
Europe/Luxembourg
SystemV/CST6CDT
America/Cordoba
America/Tortola
Asia/Thimphu
Europe/Madrid
SystemV/EST5
America/Costa_Rica
America/Vancouver
Asia/Tokyo
Europe/Malta
SystemV/EST5EDT
America/Cuiaba
America/Whitehorse
Asia/Ulaanbaatar
Europe/Minsk
SystemV/HST10
America/Curacao
America/Winnipeg
Asia/Urumqi
Europe/Monaco
SystemV/MST7
America/Dawson
America/Yakutat
Asia/Vientiane
Europe/Moscow
SystemV/MST7MDT
America/Danmarkshavn
America/Yellowknife
Asia/Vladivostok
Europe/Nicosia
SystemV/PST8
America/Dawson_Creek
Antarctica/Casey
Asia/Yakutsk
Europe/Oslo
SystemV/PST8PDT
America/Denver
Antarctica/Davis
Asia/Yekaterinburg
Europe/Paris
SystemV/YST9
America/Detroit
Antarctica/DumontDUrville
Asia/Yerevan
Europe/Prague
SystemV/YST9YDT
Example
set timezone America/Los_Angeles
Sets the server time zone to America/Los Angeles.
195
set user <name>

Purpose
Use the set user name command to define a users role, enable or disable a user, and set or
change a users password. A users settings may only be modified by an administrator.
Roles
Role
set user name
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-95 can be entered after the set user name command.
Table 3-95
set user name Options
Options
Value
Description
<username | all> disabled
Disables a user.
<username>
enabled
Enables a user.
mustchange
The password for the account must be changed the next time
that the user logs in.
password
Changes the password of a user by the Administrator. The user

will be prompted for the new password; the password must be at
least six characters.
role <role1, role2, ...>
Each user can be assigned one or more roles. This command assigns all users with one or more roles as specified in the list. A
role can be one of the following:
administrator
network _administrator
network_operator
security operator
user
This command adds to the roles that the user is already assigned. This command has no effect on the default account (e.g.,
the account with the default user name redline) or the administrative user who is making the changes).
Notes
The users settings are changed immediately after executing this command without using a
write operation. Refer to the Installation and Administrative Guide for the definition of each
users role.
196
Examples
set user bmartino enabled
Enables the user bmartino. An example output is:
%set user bmartino enabled
user bmartino is now enabled
set user role bmartino security_administrator
Adds the role Security Administrator to user bmartino. An example output is:
%set user role bmartino security_administrator
role security_administrator has been added to user bmartinos
permissions
set user bmartino password
Sets a password for user bmartino. An example output is:
%set user bmartino password
new password: ********
retype new password: ********
password changed
set user bmartino mustchange
User bmartino will be prompted to change the password the first time he or she logs in.
set user bmartino disabled
Disables user bmartino.
197
set vlan
Purpose
Use the set vlan command to set the Virtual LAN parameters.
Roles
Role
set vlan
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-96 can be entered after the set vlan command.
Table 3-96
set vlan Options
Options
Value
Description
default
<tag>
Set the default VLAN
ip
<IP Address>
range
<tag>
Assign a VLAN tag to all the packets going from or to this IP address
Assign a VLAN tag to all the packets going from or to this range of IP
addresses
Notes
A tag added with a specific IP address takes precedence over a range. For example, if you add:
% set vlan range 192.168.10.100-192.168.10.200 10
and
% set vlan ip 192.168.10.34
456
the tag will have a VLAN ID of 456 instead of 10, even though IP 192.168.10.34 falls in the
specified range. If there is a conflict between the tag for the source IP and the tag for the
destination IP, the destination IP will take precedence.
Example
set vlan ip 192.168.10.100 10
Assigns a VLAN tag of 10 to all the packets going to or from the IP address 192.168.10.100.
set vlan range 192.168.10.100-192.168.10.200 10
Assigns a VLAN tag of 10 to all the packets going to or from the range of IP addresses from
192.168.10.100 to 192.168.10.200.
198
show activen
Purpose
Use the show activen command to show the ActiveN configuration.

Roles
Role
show activen
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-97 can be entered after the show activen command.
Table 3-97
show activen Options
Options
Value
Description
<blank>
Shows the basic ActiveN configuration parameters.
advanced
Shows the advanced configuration parameters.

Used to display the blade characteristics. Using all will display all
blades.
<ip|all>
blade
<ip|all>
stats
failover
group
Used to display the blade statistics. Using all will display all blades.
Used to show the settings for the failover mechanism.
Used to display the group characteristics. Using all will display all
groups.
<name|all>
<name|all>
stats
Used to display the group statistics. Using all will display all groups.
stats
Used to show the overall statistics for the switch.
status
Used to display the state of the switch.
sticky
Used to display the sticky timeout entries.

Notes
These options require an ActiveN license before they can be used.

The statistics shown by the show activen stats command are cumulative for all running
ActiveN groups. The statistics that are displayed are shown in Table 3-98.
199
Table 3-98
activen Statistics
Statistic
Description
Total Statistics
Bytes
The total byte count received by all clients.
Packets
The total number of packets received by all clients.
Flushed
The total number of connections that have been flushed by ActiveN. Once the
appliance receives a RST or a FIN from the client for an active connection, it
then waits a number of seconds, and flushes the connection. The counter is
then incremented.
syn
The total number of SYNs sent by all clients.
rst
The total number of RSTs sent by all clients.
fin
The total number of FINs sent by all clients.
Current Sessions
Active
The current number of established TCP sessions.
Fin
The current number of FINs sent by the client prior to ActiveN flushing.
Reset
The current number of RSTs sent by the client prior to ActiveN flushing.
Troubleshooting these parameters depends on the nature of the problem that is occurring. For
instance, if the active session count is really high and increasing, but the flushed count is
low and not increasing, this could imply there are slow client or target hosts, or there could be
high latency on transactions with the Redline appliance.
By knowing what these values mean, you can keep track of what is going on in you site
(primarily from the client side to the Redline appliance). Dividing these numbers by time can
give you an average occurrence count of each variable in the ActiveN stats.
Example
tx% show activeN status

State: Enabled
Shows the status of ActiveN.
200
tx% show activeN group

Group 1
Vip: 10.0.61.9
Port: 80
Total_blades: 6
Active_blades: 4
Blades:
Index Active
1
YES
2
YES
3
YES
4
YES
5
NO
6
NO
Local
NO
NO
YES
NO
NO
NO
RealIP
10.0.61.100
10.0.61.110
10.0.61.120
10.0.61.130
10.0.61.140
10.0.61.150
Mac
0:e0:81:2:46:4a
0:e0:81:3:ff:7d
0:e0:81:3:b5:f7
0:e0:81:4:10:82
0:30:48:71:d4:50
0:30:48:72:58:34
Shows the status of the ActiveN group.
201
show admin
Purpose
Use the show admin command to show the administrative services configuration.
Roles
Role
show admin
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-99 can be entered after the show admin command.
Table 3-99
Options
202
show admin Options

Description
See
<blank>
Shows all admin settings, including telnet, SNMP, SSH,

and WebUI information.
audit
Shows whether audit is enabled.
page 204
cli
Shows the settings for the Command Line Interface.
page 205
email
Shows E-mail server and E-mail address information.
page 206
interface
Shows admin interface settings.
page 207
log
Shows all logging settings.
page 208
netmask
Shows the netmask setting for the admin interface.
page 209
scp
Shows whether SCP is enabled.
page 210
snmp
Shows SNMP information.
page 211
snmp trap
Shows SNMP trap information.
page 213
soap
Shows SOAP Server information
page 215
ssh
Shows whether SSH is enabled.
page 216
syslog
Shows syslog settings.
page 217
tcpdump
Shows TCPDump settings.
page 218
telnet
Shows whether telnet is enabled.
page 219
tftp
Shows TFTP server settings.
page 220
tsdump
Shows TSDump settings.
page 221
upgrade
Shows upgrade filenames.
page 222
vip
Shows admin VIP settings.
page 223
webui
Shows admin server information.
page 224
Notes
Each of the show commands is explained in greater detail in the section that is referenced.
Examples
See the associated section for examples.
203
show admin audit

Purpose
Use the show admin audit command to display the audit trail setting.
Roles
Role
show admin audit
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-100 can be entered after the show admin audit command.
Table 3-100 show admin audit Option
Option
Description
<blank>
Displays whether the show commands entered on the CLI

should be logged in the audit trail.
showcmd
Displays whether the show commands entered on the CLI

should be logged in the audit trail.
Notes
Because there is only one subcommand, the information show using the show admin audit
command and the show admin audit showcmd subcommand will be identical.
Examples
show admin audit showcmd
Displays whether show commands should be logged in the audit trail. An example of the output is:
redline% show admin audit showcmd
Show cmds admin logging: enabled
204
show admin cli

Purpose
Use the show admin cli command to show the configuration for the Command Line Interface.
Roles
Role
show admin cli
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
Table 3-101 show admin cli Option
Option
Description
<blank>
Shows the Administrator Command Line Interface settings.
sessionExpireTime
Shows the Administrator Command Line Interface expiration time.
Notes
None
Example
None
ex% show admin cli
Cli Session Expire Time: 7200
Shows the Admin CLI expiration time.
205
show admin email

Purpose
Use the show admin email command to show the main/default E-mail configuration. This
command shows the default E-Mail configuration, but not individually configurable E-mail
settings such as those set with the set admin log, set admin tcpdump, and set admin tsdump
commands.
Roles
Role
show admin email
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin email
Shows the E-mail information configuration, including:
SMTP server
Sender E-mail address
Default to E-mail address
tx% show admin email
SMTP server: mail.company.com
Email address:
From address: tx@company.com
Default 'to' address: jim@company.com
206
show admin interface

Purpose
Use the show admin interface command to show the admin interface settings.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
Shows the admin interface settings. An example of the output is:
tx% show admin interface
Admin Interface: ether0
207
show admin log

Purpose
Use the show admin log command to show the logging configurations.
Roles
Role
show admin log
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin log
Shows the logging configurations, including:
Where it will be logged: memory, syslog, or E-mail
Level of logging for each destination
E-mail addresses where the log will be sent
If logging is enabled
tx% show admin log
Logging: enabled
Logging to:
email: ALERT
memory: ALERT
syslog: (none)
console: (none)
Email 'mailto' addresses:
mailto1: jim@company.com
mailto2:
208
show admin netmask

Purpose
Use the show admin netmask command to show the netmask setting for the admin interface.
Roles
Role
show admin netmask
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin netmask
Show the netmask setting for the admin interface.
209
show admin scp

Purpose
Use show admin scp to display the SCP configuration.

Roles
Role
show admin scp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-102 can be entered after the show admin scp command.
Table 3-102 show admin scp Options
Options
Description
<blank>
Displays the SCP server configuration and the user name for the SCP
operation.
server
Displays the SCP server IP address or host name.
username
Displays the user name for the SCP operation.
Notes
None
Examples
show admin scp
Show the SCP configuration. An example of the output
is:
tx% show admin scp
SCP Server: download.company.com
SCP UserName: root
210
show admin snmp

Purpose
Use the show admin snmp command to show the SNMP configuration information.
Roles
Role
show admin snmp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-103 can be entered after the show admin snmp command.
Table 3-103 show admin snmp Options
Options
Value
<blank>
community
Description
Shows the SNMP configuration.
<blank>
Shows the SNMP community configuration.
ip
Shows the network SNMP connection status.
name
Shows SNMP community name.
netmask
Shows the netmask used to allow SNMP connections from

the specified network.
contact
Shows the SNMP system contact.
location
Shows SNMP system location.
status
Shows whether the SNMP is up or down.
trap
Shows SNMP trap information. Refer to show admin snmp

trap on page 213 for additional information.
Notes
None
Example
show admin snmp status
Shows whether the SNMP is up or down.
211
show admin snmp

Shows the SNMP configuration. An example of the output is:
tx% show admin snmp
System Contact: Jim
System Location: Unknown
Community Name: public
Community IP: 192.168.0.0
Community Netmask: 255.255.0.0
Trap Host 1 IP: 192.168.0.74
Trap Host 1 Community:
Trap Host 1 Version:
Trap Host 2 IP:
Generic Traps: disabled
Enterprise Traps: disabled
Authentication Failure Trap: enabled
Trap Connection Threshold: 50
SNMP: up
212
show admin snmp trap

Purpose
Use the show admin snmp trap command to display options related to sending SNMP traps.
Roles
show admin snmp
trap
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-104 can be entered after the show admin snmp trap command.
Table 3-104 show admin snmp trap Options
Options
Values
Description
<blank>
Displays the SNMP trap settings.
authfailure
Displays the status of authentication failure trap sending.
enterprise
Displays the status of enterprise-specific trap sending.
generic
Displays the status of the generic trap sending.

Displays SNMP host settings for IP addresses, community strings, and the
version configured.
<blank>
host
[1 | 2]
threshold
<blank>
Displays the SNMP host setting for each trap host.
community
Displays the SNMP community string for each trap host
ip
Displays the IP address for each SNMP trap host.
version
Displays the SNMP version configured for each trap host.
<blank>
Displays the threshold set for connections counted in percentages, and the
number of retries for failure to log-in correctly.
connection
Displays the threshold set for connections counted in percentages.
Notes
None
213
Examples
show admin snmp trap
Displays SNMP trap settings. An example of the output is:
tx% show admin snmp trap
Trap Host 1 IP: 192.168.0.74
Trap Host 2 IP:
Generic Traps: disabled
Enterprise Traps: disabled
Authentication Failure Trap: enabled
Trap Connection Threshold: 50
show admin snmp host 1
Displays settings for the SNMP trap host 1.
214
show admin soap

Purpose
Use the show admin soap command to show the configuration of the Simple Object Access
Protocol (SOAP) server. The SOAP server is used with configuration synchronization.
Roles
Role
show admin soap
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-105 can be entered after the show admin soap command.
Table 3-105 show admin soap Options
Options
Value
Description
<blank>
Shows all of the configuration parameters for the SOAP server.
port
Shows the port number for the SOAP server.
ssl
Shows all of the SSL configuration parameters for the SOAP server.
ssl
status
certfile
Shows the SSL certfile filename for the SOAP server.
keyfile
Shows the SSL key file for the SOAP server.
keypass
Shows the SSL key password for the SOAP server.

Shows the status of the SOAP server.
Notes

Examples
215
show admin ssh

Purpose
Use the show admin ssh command to show the SSH configuration. This command tells you if
you can access the appliance using SSH.
Roles
Role
show admin ssh
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-106 can be entered after the show admin ssh command.
Table 3-106 show admin ssh Options
Options
Description
<blank>
Shows the SSH configuration.
status
Shows whether the SSH is up or down.
Notes
None
Example
show admin ssh
Displays the SSH configuration. An example of the output is:
show admin ssh
SSH: up
216
show admin syslog

Purpose
Use the show admin syslog command to show the syslog configuration.
Roles
Role
show admin syslog
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-108 can be entered after the show admin syslog command:
Table 3-107 show admin syslog Options
Options
Description
facility
Shows the current syslog facility
host1
Shows the first configured syslog host.
host2
Shows the second configured syslog host.
port
Shows the syslog port
Notes
None
Example
show admin syslog
Shows the syslog hosts and syslog facilities configuration. An example of the output is:
tx% show admin syslog
SyslogHost1:
SyslogHost2:
SyslogPort: 514
Logging Facility: LOG_USER
tx%
217
show admin tcpdump

Purpose
Use the show admin tcpdump command to show the TCPDump configuration.
Roles
Role
show admin tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-108 can be entered after the show admin tcpdump command:
Table 3-108 show admin tcpdump Options
Options
Description
<blank>
Displays the TCPDump configuration.
filename
Displays the remote file name for the TCPDump.
transport
Displays the transport method use to send the TCPDump information.

The transport method can any of SMTP, TFTP or SCP.
Notes
Refer to tcpdump on page 317 for additional information regarding the TCPDump.
Examples
show admin tcpdump
Shows the TCPDump configuration. An example of the output is:
tx% show admin tcpdump
transport: tftp
filename: tx_dump
mailto2:
show admin tcpdump transport
Shows the transport method used to send TCPDump configuration. An example of the output is:
show admin tcpdump transport
transport: tftp
218
show admin telnet

Purpose
Use the show admin telnet command to show whether telnet is up or down.
Roles
Role
show admin telnet
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-109 can be entered after the show admin telnet command.
Table 3-109 show admin telnet Options
Options
Description
<blank>
Shows the telnet configuration.
status
Shows whether the telnet is up or down.
Notes
None
Example
show admin telnet
Shows the telnet configuration as up or down. An example of the output is:
show admin telnet
Telnet: up
219
show admin tftp

Purpose
Use the show admin tftp command to display the TFTP configuration.
Roles
Role
show admin tftp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin tftp
Shows the TFTP configuration. An example of the output is:
show admin tftp
TFTP Server: lab_tftp
220
show admin tsdump

Purpose
Use the show admin tsdump command to display the Technical Services Dump configuration.
Roles
Role
show admin tsdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-110 can be entered after the show admin tsdump command.
Table 3-110 show admin tsdump Options
Options
Description
<blank>
Displays the TSDump configuration.
filename
Displays the remote file name for the TSDump.
transport
Displays the transport method use to send the TSDump information. The
transport method can be any of SMTP, TFTP, or SCP.
Notes
None
Examples
show admin tsdump
Shows the Technical Services Dump configuration. An example of the output is:
tx% show admin tsdump
transport: tftp
filename: tx_tsdump
mailto2:
show admin tsdump transport
Shows the Technical Services Dump configuration.
221
show admin upgrade

Purpose
Use the show admin upgrade command to show the filename of the appliance pac file
(firmware) to be upgraded.
Roles
Role
show admin upgrade
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-111 can be entered after the show admin upgrade command.
Table 3-111 show admin upgrade Options
Options
Description
<blank>
Shows the upgrade information.
filename
Shows the filename of the upgrade pac file.
transport
Shows the transport method used to install new firmware.
Notes
None
Examples
show admin upgrade filename
Shows the filename of the appliance pac file. An example of
the output is:
tx% show admin upgrade filename
Upgrade Filename: 3_2_3.pac
show admin upgrade transport
Shows the transport method used to install new firmware.
222
show admin vip

Purpose
Use the show admin vip command to show the Virtual IP Address (VIP) of the appliance.
Roles
Role
show admin vip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
None
223
show admin webui

Purpose
Use the show admin webui command to show the settings for the Web User Interface (WebUI).
Roles
Role
show admin webui
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-112 can be entered after the show admin webui command.
Table 3-112 show admin webui Options
Options
Description
<blank>
Shows the WebUI configuration.
port
Shows the WebUI administration server listen port. The default

listen port is 8090.1
sessionexpiretime
Shows the timeout for WebUI administration sessions.
ssl
Shows whether the WebUI administration server is using SSL.
status
Shows whether the WebUI administration server is up (enabled) or down (disabled).
1. It is possible to configure WebUI administrator to listen on an IP (10.0.20.0, for example) and use port
8090. At the same time, a cluster of target hosts may be configured to use the same IP and port
(10.0.20.0:8090). When a configuration change is made that requires a restart of the multiplexing engine,
a WebUI administrator page could be displayed. To prevent this from occurring, you should not use the
administrator port as a cluster port.
Notes
None
Examples
show admin webui
Shows the Web Administration Server configuration. An example of the output is:
show admin webui
Port: 8090
SSL Status: disabled
Session Expire Time: 900
Admin: up
224
show admin webui port

Shows the administrative server listen port.
show admin webui status
Shows whether the admin server is up or down.
225
show arp
Purpose
Use the show arp command to display the ARP table.

Roles
Role
show arp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show arp
Displays the current ARP table. An example of the of output is:
tx6% show arp
? (10.0.81.1) at 00:d0:bc:ed:0e:04 on fxp0 [ethernet]
? (10.0.81.10) at 00:e0:18:8a:fc:43 on fxp0 [ethernet]
? (10.0.81.20) at 00:e0:18:8a:fa:fd on fxp0 [ethernet]
? (10.0.81.30) at 00:e0:18:8a:fb:d1 on fxp0 [ethernet]
? (10.0.81.40) at 00:e0:18:84:97:00 on fxp0 [ethernet]
? (10.0.81.50) at 00:e0:18:8a:f3:68 on fxp0 [ethernet]
? (10.0.81.60) at 00:e0:18:89:f0:a1 on fxp0 [ethernet]
tx6%
226
show authentication
Purpose
Use the show authentication command to show the configuration for the authentication cache.
If no option is specified, all information regarding the authentication cache is displayed.
Roles
show authentication
Role
cache
stats
Security Admin
Security Operator
Admin
Network Admin
Network Operator
User
Options
The options shown in Table 3-113 can be entered after the show authentication
command.
Table 3-113 show authentication cache Options
Options
Description
<blank>
Shows all information regarding authentication feature.
cache
Shows information regarding authentication cache.
stats
Shows the statistics for authentication cache.
Notes
None
Examples
None
227
show boot
Purpose
Use the show boot command to show boot partition information.

Roles
Role
show boot
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show boot
Shows boot partition information. An example of the output is:
tx% show boot
Boot 1 : E|X 3200 3.2.25 2004-07-06 18:13 PDT 1

Boot 2 (cur,act): E|X 3200 3.3.8 2004-07-28 13:56 PDT 0
tx%
The current partition (cur) indicates the partition that is currently running. The active
partition (act) is the one that will be used after the next reboot. Current and active partitions
can be the same one, as shown in this example.
228
show cache
Purpose
Use the show cache authentication command to show the statistics for the authentication
cache. Use the show cache <name> command to show the configuration for a named cache. If
no name is specified, all caches are displayed.
Roles
show cache
show cache
authentication
<name>
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-114 can be entered after the show cache <name> command.
Table 3-114 show cache <name> Options
Options
Value
Description
<blank>
Shows configuration for the named cache. If no

name is specified, all caches are displayed.
stats
Displays summary cache statistics for the named

cache.
stats
<number>
Displays detailed cache statistics for the named

cache.
The parameter <number> limits the number of
elements reported in the Hit Count, Least Recently Used (LRU), and Most Recently Used
(MRU) sections.
stats
<seconds>
Repeatedly displays detailed cache statistics for

the named cache every <seconds> number of
seconds.
<name | all>
stats
detail
[summary | object_size |
content_type |
hit_count <number> |
MRU <number> |
LRU <number> ]
Shows detailed statistics on the object based on

criteria selected. If no criteria are selected, the
statistics for all criteria are shown. LRU is the
Least Recently Used element, and MRU is the
Most Recently Used element. Where the commands take an optional <number> argument,
the <number> limits the count of printed records.
The valid range for <number> is
1 - 100, and it defaults to 100.
Notes
None
229
Examples
show cache secureImages stats detail object_size
Displays the summary cache statistics for the cache named secureImages based on the object size:
Object Size Statistics:
Object Size
(bytes)
# Objects
# Hits
---------------- ------------ -----------1 - 256
0
0
256 - 512
1
12
512 - 1K
4
48
1K - 2K
6
72
2K - 4K
1
12
4K - 8K
3
36
8K - 16K
1
12
16K - 33K
0
0
33K - 66K
1
12
66K - 131K
0
0
131K - 262K
0
0
262K - 524K
0
0
1M+
0
0
show cache secureImages stats detail content_type
Displays cache statistics for the cache named secureImages based on the content type:
Content-Type Statistics:
Content-Type
# Objects # Hits
-------------------------------- ---------- ---------image/jpeg
3
36
text/html
1
12
image/gif
13
156
show cache secureImages stats detail hit_count 5
Displays cache statistics for the cache named secureImages based on the hit count:
Size # Hits
Cache Time Order
------- -------- ---------- --------2K
12
321
1
3K
12
321
2
2K
12
321
3
1K
12
321
4
1K
12
321
5
URL
-------------------------/images/FossilLogo.gif
/images/bb120x30.jpg
/images/main_pg.gif
/images/yahoo_120X30.gif
/images/yahoo_10_61.gif
show cache secureImages stats detail MRU 3

Size # Hits
Cache Time Order
------- -------- ---------- --------2K
12
321
1
3K
12
321
2
2K
12
321
3
230
URL
-------------------------/images/FossilLogo.gif
/images/bb120x30.jpg
/images/main_pg.gif
show capacity <seconds>

Purpose
Use the show capacity command to show the capacity of the system, where <seconds> is time
intervals for printing the next row. The values shown are averaged over the last 60 seconds.
Roles
show capacity
<seconds>
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
The output of this command is:

CPU
Memory
(%used)
60
(%used)
40
Network
ether0
ether1
(bytes in) (bytes out)(bytes in) (bytes out)
1,210,000 1,210,000 1,210,000 1,210,000
The CPU value shows the percentage in use by users and the system (combined average over
the last 60 seconds).
The Memory value shows the percentage of memory used in the system (average over the last
60 seconds).
The Network value shows the bytes per second for interface ether0 and ether1 (average over the
last 60 seconds).
231
show clock
Purpose
Use the show clock command to show the time and date.
Roles
Role
show clock
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The output of the show clock command is in the following format:

<YYYY.MM.DD HH:MM:SS TZ>
Where
YYYY = year
MM = month
DD = day
HH = hour
MM = minute
SS = second
TZ = timezone
Example
show clock
Shows date and time. An example of the output is:
2002.08.14 14:22:06 PDT.
232
show cluster <name>

Purpose
Use the show cluster <name> command to show the configuration for a specific cluster.
Roles
show cluster <name>
aaa
authentication
Role
Admin
apprule
busy
redirect
cache
connbind
convert302
protocol
dsr
health
Network Admin
Network Operator
Security Admin
Security Operator
User
X
X
show cluster <name>

Role
listen
Admin
Network Admin
Network Operator
listen
ssl owa
X
stats
sticky target target host transparency weblog
page 251
page 257
page 251
page 257
page 251
page 257
Security Admin
page 251
page 257
Security Operator
page 251
page 257
User
page 251
page 257
Options
The options shown in Table 3-115 can be entered after the show cluster <name> command.
Table 3-115 show cluster <name> Options
Options
Values
<blank>
aaa
authentication 3
Description
Shows all cluster configurations.
<blank>
Shows all of the authentication parameters that have

been set for the cluster.
cache
Shows all of the authentication cache parameters that

have been set for the cluster.
status
Shows the status of authentication cache (enabled/

disabled).
maxage
Shows the maximum time that an authentication

cache entry will be stored.
cache
method
Shows the method of authentication that will be used

for the cluster.
233

Options
Values
Description
<blank>
This command shows all parameters related to LDAP.
anonymous
This command shows whether anonymous access to

the LDAP database is allowed.
base-dn
This command shows the root distinguished name.
bind-dn
This command shows the bind user distinguished

name.
gid
This command shows the Group ID for the cluster.
server 1
This command shows the IP address and port of the

first LDAP server (server 1) that will be used for the
cluster.
server 2
This command shows the IP address and port of the

second LDAP server (server 2) that will be used for
the cluster.
ssl
Shows both LDAPS Status: <status> and the

LDAPS cacertfile: <filename>.
ldap
ssl
aaa
authentication 3
234
Shows the LDAPS cacertfile: <filename>.
status
Shows the LDAPS Status: <status>.
uri
Shows the LDAPS uri
uid
This command shows the User ID for the cluster.
version
This command shows the LDAP protocol version that

is in use.
This command shows the aaa authentication password.
password
radius server
cacertfile
<blank>
Shows all settings for the Radius server that will be

used for the cluster, including the authentication key,
the number of retries, the server IP address and port
number, and the timeout value.
key
Shows the authentication key for the Radius server

that will be used for the cluster.
retries
Shows the number of retries for the Radius server that

will be used for the cluster.
Shows the IP address and port number of the first Radius server (server 1) that will be used for the cluster.
Shows the IP address and port number of the second

RADIUS server (server 2) that will be used for the
cluster.
timeout
Shows the timeout value for the Radius server that will
be used for the cluster.

Options
aaa
authentication 3
redirect
Values
Description
<blank>
This command shows all parameters related to redirect.
host
Shows the remote host from where the URL will be retrieved.
protocol
Shows the protocol used when retrieving the password change custom page.
status
Shows whether Redirect on a password change flag

set is enabled or disabled.
url
Shows the URL used when the ldap server or active

directory sends a password change flag.
This command is used to show the authentication
HTML message that will be used for the cluster.
response
Shows all cluster configurations. No subcommands

may follow the all command.
all
Shows the AppRule configuration settings for a particular cluster.
<blank>
limit
retrypost
Shows the limit retry post.
ruleset
Shows the AppRule ruleset for a particular cluster.

<blank | all>
Shows all AppRule statistics for all of the clusters.
ptc
[M|all]
Shows the Page Translator Content (PTC) statistics

for one or all of the clusters. M represents the rule
number.
pth
[M|all]
Shows the Page Translator Header (PTH) statistics

for one or all of the clusters. M represents the rule
number.
rs
[M|all]
Shows the Request Sentry (RS) statistics for one or all

of the clusters. M represents the rule number.
rth
[M|all]
Shows the Request Translator Header (RTH) statistics for one or all of the clusters. M represents the rule
number.
apprule1
stats
cache
cache
connbind
status
Shows the AppRule status for a particular cluster (enabled or disabled).
<blank>
Shows the caches associated with a cluster.
stats
Shows target host-like statistics relating to the traffic a

cluster is routing to a cache. If an http is specified,
only the HTTP stats are shown. If io is specified, only
the
I/O stats are shown. If neither is specified, both sets
are shown.
[http | io]
<blank>
Shows the connection binding settings.
status
Shows the status (up/down) of connection binding.
convert302protocol
Shows the cluster HTTP 302 protocol conversion configuration.
description
Shows the description information for the cluster.
dsr
<description>
Shows the cluster Direct Server Return (DSR) status.
235

Options
health
Values
Description
<blank>
Shows the content health check settings.
interval
Shows the health check interval.
resume
Shows the number of times the health check failed before the appliance declares the target server down.
retry
Shows the number of health check retries.
returncode
Shows the expected health check returncode.
size
Shows the expected size of the health check response.
status
Shows the status of health checking.
string
Shows the expected string in the health check response.
timeout
Shows the timeout value; the maximum time (in seconds) that the appliance will wait for the last byte of
the HTTP response, measured from the time that the
GET request was sent.
urlpath
Shows the urlpath to use for health check.
useragent
Shows the user agent for health check requests.
<blank>
Shows the cluster listener configuration.
port
Shows the cluster listen port.
ssl
Shows the cluster listen SSL. Refer to show cluster

<name> listen ssl on page 247 for additional information.
Shows the method used when all target hosts are

down:
listen
targetsdown
owa 2
236
finclient refers to the historical behavior of allowing the client to connect and then subsequently
closing down the connection with a FIN.
blackhole refers to the current behavior of dropping all packets sent to the cluster that has all of its
target hosts down.
redirect <url> refers to the new behavior of redirecting clients with an HTTP 302 reply to the new
location specified in <url>. The URL is specified as:
http[s]://<server>[:port][/path/resource]
vip
Shows the cluster virtual IP address.
<blank>
Show the Outlook Web Access (OWA) configuration.
status
Show the status of Outlook Web Access (OWA).

Options
Values
Description
Shows all statistics for the cluster. See show cluster
<name | all> stats on page 251 for more information.
<blank>
aaa 3
stats
authentication
Shows the authentication status for the cluster.
authorization
Shows the authorization status for the cluster.

Shows the health status information for the cluster.
history
Shows the statistics history for the cluster. See show

cluster <name | all> stats history on page 253 for
more information.
http
Shows the HTTP status information for the cluster.
io
Shows the IO status information for the cluster.
ssl
Shows the SSL status information for the cluster.
<blank>
Shows the sticky configuration for the cluster.
sticky
cookie
transparency
Shows the authentication and authorization status for

the cluster.
health
clientip
target
<blank>
<blank>
Shows the client IP-based sticky configuration.
distribution
Shows the client IP-based sticky distribution method.
timeout
Shows the client IP timeout configuration.
<blank>
Shows the cookie-based sticky configuration.
expire
Shows the cookie expire time configuration.
mask
Shows the sticky mask configuration.
method
Shows the sticky method configuration.
<blank>
Shows the cluster target configuration and local IP.
host
Shows all target hosts in the cluster. Refer to show

cluster <name> target host <ip:port | all> stats on
host
all
stats
host
<ip:port> stats
Shows all target hosts in the cluster.

Shows the specified cluster target host.
localip
Show the local IP setting for the cluster.
name
Show the clusters target name.
ssl
Show the cluster target SSL. Refer to show cluster

<name> target ssl on page 260 for additional information.
status
Shows the health of the target server based on layer

7 health check.
<blank>
Show the Client IP Transparency status.
237

Options
Values
Description
<blank>
Show the weblog settings for the cluster.

<blank>
Shows all of the configuration parameters associated

with the Web Log batch feature.
compression
Shows whether the Web Log will be sent to the syslog

host in compressed form or native format.
copy
<blank>
Shows both the copy size and the copy time for weblog batch storage.
size
Shows the size of the compressed file to copy (the

size of the two data buffers) and the total remaining
memory available for weblog batch storage.
time
Shows the times when the Web Log will be transmitted to the configured syslog server.
<blank>
Show the weblog failure settings for the cluster.
batch
failure
weblog
retryinterval Shows the retry interval (in seconds) in case of copy

failure.
host
scp
scp
Shows the host where the Web Log will be copied.

<blank>
Shows all of the configuration parameters associated

with the remote SCP target directory.
directory
Shows the remote SCP target directory.
keyfile
Shows the (non-password protected) private key.
username
Shows the remote SCP username.
destination
Shows the destination for the weblog.
format
Shows the currently selected format for the weblog.
status
Shows if cluster logging is enabled or disabled.
syslog
<blank>
Shows all parameters for the weblog syslog function.
host
Shows cluster weblog syslog log host address
port
Shows the weblog syslog port.
1.The apprule commands require an AppRule license.

2.The owa commands require an OWA license.
3.The stats aaa commands require an Authentication/LDAP license.
Notes
The results that you see when you type the show cluster or show cluster all commands depends
on the roles that have been assigned to you. You will only see the cluster information that you
are allowed to see by virtue of your role. See the individual show cluster subcommands to
determine what commands your role supports.
The show cluster all command can not take any subcommands. Adding a subcommand after
the keyword all will return an error.
238
Table 3-116 shows notes on the number of connections referred to in the health listings.
Table 3-116 Notes on Number of Connections
Parameter
Description
Total
Total Number of connections created.
In Use
Number of successful connections made to the target server.
Hot
Number of successful connections available for use by incoming client requests.
Cold
Number of connections available to clients that are not currently connected to target servers.
Discards
Number of connections discarded by the appliance.
Examples
show cluster
show cluster all
show cluster 1 listen ssl
Shows cluster 1 listen SSL status.
show cluster 1 target
Shows cluster 1 target configuration.
show cluster 1 health
Shows the content health check settings for cluster 1.
show cluster 1 transparency
Shows the Client IP Transparency status.
show cluster 1 stats io
239
Shows the IO status information for the cluster. An example is shown below:
tx6% show cluster 1 stats io
IO Statistics - cluster 1 listen
Current State Up
Bytes In (Req from Clients) 107.16MB
Bytes Out (Resp to Clients) 146.34MB
Current Client Connections 0
Total Client Connections 315.22K
Refused Client Connections 0
IO Statistics - cluster 1 target host all
Bytes In (Resp from Servers) 68.89MB
Bytes Out (Req to Servers) 120.67MB
IO Statistics - cluster 1 physical target all
Current Active Server Conns 16
Current Idle Server Conns 629
Total Server Connections 17.06K
Passed Health Chks (Server OK) 43.88K
Failed Health Chks (Server Down) 4.13K
240
show cluster 1
Shows the cluster configuration. A sample of the show cluster 1 command output is:
Cluster [1]
Listen Port: 80
Listen VIP: 192.168.4.145
Listen Netmask: 255.255.255.255
Listen SSL Status: Disabled
Listen Protocol: sslv23
Listen Certfile:
Listen Keyfile:
Listen Keypass: none
Listen Ciphersuite: all
Targetname: mywebserver.redlinenetworks.com
Target SSL Status: Disabled
Target Protocol: tlsv1
Target Certfile:
Target Keyfile:
Target Keypass: none
Target Ciphersuite: common
Target Timeout: 1440
Health Check Status: enabled
Health Check Interval: 2
Health Check Retry: 4
Health Check Resume: 2
Health Check Url Path: /index.html
Health Check Return Code: 200
Health Check Size: -1
Health Check String:
Sticky Method: None
Sticky Cookie Expire: 0
Sticky Cookie Mask: ipport
Sticky Client IP Timeout: 120
Sticky Client IP Timeout Distribution: 120 internet
DSR Status: Disabled
Convert 302 Protocol Status: Disabled
Busy redirect URL: www.foobar.com
Log status: disabled
Log Format: common
Log Syslog Host:
Log Syslog Port: 514
DSR Status: disabled
TargetHosts:
[1] 166.218.71.87:80 (enabled)
241
show cluster 1 stats health

Shows the health of the target servers in cluster 1. An example is:
tx6% show cluster 1 stats health
Health Check Status: enabled
TargetHosts:
[ 1] 10.0.41.10:80 TCP Layer Down; Connection Timed
Total:006 In Use:002 Hot:000 Cold:004 Discards:000
[ 2] 10.0.41.20:80 Up
[ 7] 10.0.61.50:80 Up
[ 8] 10.0.61.60:80 Up
[10] 10.0.61.80:80 Up
[11] 10.0.61.90:80 TCP Layer Down; Connection Timed
[12] 10.0.71.10:80 Up
[13] 10.0.71.20:80 TCP Layer Down; Connection Timed
[14] 10.0.71.30:80 Up
[15] 10.0.81.10:80 Up
[16] 10.0.81.20:80 Up
[17] 10.0.81.30:80 Up
[18] 10.0.81.40:80 Up
[19] 10.0.81.50:80 Up
[20] 10.0.81.60:80 Up
242
Out
Out
Out
Out
Out
Out
Out
Out
show cluster 1 stats http

Shows the http status of the target servers in cluster 1. An example is:
tx6% show cluster 1 stats http
HTTP Statistics - cluster 1 listen
Requests from Clients:
Requests Active (No reply yet) 0
Requests Total 315.19K
Method
Method
Method
Method
Method
GET 315.19K
POST 0
HEAD 0
PUT 0
Other 0
Version HTTP/1.1 315.19K

Version HTTP/1.0 0
Version Other 0
Browser
Browser
Browser
Browser
Browser
Browser
Browser
Browser
IE 6.0 315.19K
IE 5.5 0
IE 5.0 0
IE 4.x 0
IE Other 0
Netscape 0
Opera 0
Other 0
Illegal
Illegal
Illegal
Illegal
Illegal
Illegal
Illegal
Illegal
Illegal
Illegal
Illegal
request line too long 0

method 0
HEAD with 0.9 0
POST (no length) 0
POST (length < 0) 0
POST (length = 0) 0
header 0
header line too long 0
PUT (no length) 0
PUT (length < 0) 0
PUT (length = 0) 0
HTTP Statistics - cluster 1 target host all

Responses from Servers:
Response Code 100 0
Response Code 200 315.16K
Response Code 302 0
Response Code 304 0
Response Code 3xx 0
Response Code 404 0
Response Code 4xx 0
Response Code 5xx 28
Response Code Other 0
243
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Content
Types from Servers:

GIF 0
JPEG 0
HTML 315.16K
CSS 0
XML 0
PLAIN 0
JAVASCRIPT 0
FLASH 0
OCTET-STREAM 0
MS-WORD 0
MS-EXCEL 0
MS-POWERPOINT 0
Custom-1 0
Custom-2 0
Custom-3 0
Other 0
Content Bytes from Servers:

Bytes In GIF 0
Bytes In JPEG 0
Bytes In HTML 616.08MB
Bytes In CSS 0
Bytes In XML 0
Bytes In PLAIN 0
Bytes In JAVASCRIPT 0
Bytes In FLASH 0
Bytes In OCTET-STREAM 0
Bytes In MS-WORD 0
Bytes In MS-EXCEL 0
Bytes In MS-POWERPOINT 0
Bytes In Custom-1 0
Bytes In Custom-2 0
Bytes In Custom-3 0
Bytes In Other 0
Content Bytes to Clients:
Bytes Out GIF 0
Bytes Out JPEG 0
Bytes Out HTML 7.96MB
Bytes Out CSS 0
Bytes Out XML 0
Bytes Out PLAIN 0
Bytes Out JAVASCRIPT 0
Bytes Out FLASH 0
Bytes Out OCTET-STREAM 0
Bytes Out MS-WORD 0
Bytes Out MS-EXCEL 0
Bytes Out MS-POWERPOINT 0
Bytes Out Custom-1 0
Bytes Out Other 0
244
show cluster 1 stats ssl

Shows the SSL status information for the cluster. An example of the output is:
tx6% show cluster 1 stats ssl
SSL Statistics - cluster 1 listen
New Sessions 0
Reused Sessions 0
Strong Encryption 0
Export Encryption 0
Version
Version
Version
Version
SSLv2
SSLv3
TLSv1
Other
0
0
0
0
SSL Statistics - cluster 1 target host all

New Sessions 0
Reused Sessions 0
Strong Encryption 0
Export Encryption 0
Version
Version
Version
Version
SSLv2
SSLv3
TLSv1
Other
0
0
0
0
245
show cluster <name> apprule

Purpose
Use the show cluster <name> apprule command to show the application rule parameters for
a specific cluster.
Roles
show cluster <name> apprule
Role
limit
ruleset
stats
status
Admin
Network Admin
Network Operator
Security Admin
X
X
Security Operator
User
Options
The options shown in Table 3-117 can be entered after the show cluster <name> apprule
command.
Table 3-117 show cluster <name> apprule Options
Options
Value
Variable
Shows all of the AppRule configuration settings for a particular cluster.
<blank>
limit
[blank]
Displays the AppRule retrypost limit.
retrypost
Displays the AppRule retrypost limit.
ruleset
stats
status
Description
Shows the AppRule ruleset for a particular cluster.

[blank | all]
Shows all AppRule statistics for all of the clusters.
ptc
[M|all]
Shows the Page Translator Content (PTC) statistics for one

or all of the clusters.
pth
[M|all]
Shows the Page Translator Header (PTH) statistics for one

or all of the clusters.
rs
[M|all]
Shows the Request Sentry (RS) statistics for one or all of the
clusters.
rth
[M|all]
Shows the Request Translator Header (RTH) statistics for

one or all of the clusters.
Shows the AppRule status for a particular cluster (enabled
or disabled).
Notes
In each of the statistical commands (stats), M represents the rule number. Refer to the
Installation and Administration Guide for more information.
246
show cluster <name> listen ssl

Purpose
Use the show cluster <name> listen ssl command to show the configuration of the SSL listen
parameters for a specific cluster.
Roles
Role
Admin
show cluster <name>

listen ssl
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-118 can be entered after the show cluster <name> listen ssl
command.
Table 3-118 show cluster <name> listen ssl Options
Options
Description
<blank>
Shows the cluster listen SSL configuration.
certfile
Shows the cluster listen SSL certfile.
cipherfile
Shows the cluster listen SSL cipherlist file name.
cipherlist
Shows the cluster listen SSL cipherlist (actual list) of cipher suites that
are being used. Showing the cipherlist will print out a detailed line for
each cipher suite, showing the name, version, key exchange, authentication, encryption, and hash methods.
ciphersuite
Shows the cluster listen SSL cipher suite.
clientauth 1
Shows the SSL client certification. Refer to set cluster <name> listen
ssl on page 139 and show cluster <name> listen ssl clientauth on
ephkeyfile
Shows the ephemeral key file name.
keyfile
Shows the cluster listen SSL keyfile.
protocol
Shows the cluster listen SSL protocol.
status
Shows the cluster listen SSL status.
Notes
247
Examples
show cluster 1 listen ssl
Shows the cluster 1 listen SSL information.
show cluster 1 listen ssl ciphersuite
Shows the cluster 1 listen SSL cipher suite settings.
248
show cluster <name> listen ssl clientauth

Purpose
Use the show cluster <name> listen ssl clientauth command to show the configuration of the
SSL client authentication parameters for a specific cluster. This feature is only available on the
E|X Enterprise Application Processor product line.
Roles
show cluster <name>
listen ssl clientauth
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-119 can be entered after the show cluster <name> listen ssl
clientauth command.
Table 3-119 show cluster <name> listen ssl clientauth Options
Options
Value
Description
<blank>
Shows the SSL client authentication configuration.
authtype
Shows the type of authentication being used.
cacertfile
Shows the setting for the CA certfile.
cacrlfile
Shows the setting for the CA CRL file.
catrustfile
Shows the setting for the CA-trusted certificate file.
forwardclientcert
status
<blank>
Shows all of the settings for the client authentication forwardclientcert feature.
format
Shows all of the settings for the client authentication forwardclientcert format.
status
Shows all of the settings for the client authentication forwardclientcert headername.
<blank>
Shows the listen SSL clientauth status.
Notes
None
249
Examples
show cluster 1 listen ssl clientauth
Shows SSL client authentication settings for cluster 1.
Sample output as follows:
tx% show cluster 1 listen ssl clientauth
Client Authentication: enabled
CA Certfile: ca_cert_list.cert
CA CRL File: ca_crl_list.crl
CA Trust File: ca_trusted_list.cert
show cluster 1 listen ssl clientauth
Show all of the settings for the client authentication feature. Sample output as follows:
ex% show cluster 1 listen ssl clientauth
Client Authentication Type: local
<------ added
Client Certificate Forwarding: disabled <------ added
Client Certificate Forwarding Format: PEM <----- added
show cluster <name> listen ssl clientauth status
Shows whether or not client authentication is enabled or not.
Example:
ex% show cluster 1 listen ssl clientauth status
Client Authentication Type: local
<------ added
Client Certificate Forwarding: disabled <------ added
show cluster <name> listen ssl forwardclientcert format
Show all of the settings for the client authentication forwardclientcert format.
Example:
ex% show cluster 1 listen ssl clientauth forwardclientcert format
Client Certificate Forwarding Format: PEM
250
show cluster <name | all> stats

Purpose
Use the show cluster <name | all> stats command to display the I/O, HTTP or SSL statistics
for a specific cluster or for all clusters.
Roles
show cluster <name | all> stats
Role
health
history
io | http
ssl
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-120 can be entered after the show cluster <name | all> stats
command.
Table 3-120 show cluster <name | all> stats Options
Options
Description
<blank>
Displays the I/O, HTTP, and SSL statistics for a specific cluster or for all
clusters.
auth
Show the authentication statistics for the named cluster or all clusters.
health
Shows the health statistics information for the cluster.
history
Shows the history information for the cluster. For more information, see show
cluster <name | all> stats history on page 253.
http
Displays the HTTP statistics for a specific cluster or for all clusters.
io
Displays the I/O, HTTP, and SSL statistics for a specific cluster or for all
clusters.
ssl
Displays the SSL statistics for a specific cluster or for all clusters.
Notes
None
Examples
show cluster 1 stats
Displays the I/O, HTTP, and SSL statistics for cluster 1.
show cluster all stats
Displays the I/O, HTTP, and SSL statistics for all clusters.
251
show cluster all stats io

Displays the I/O statistics for all clusters.
show cluster 1 stats ssl
Displays the SSL statistics for cluster 1.
252
show cluster <name | all> stats history

Purpose
Use the show cluster <name | all> stats history command to display the history statistics for
a specific cluster or for all clusters.
Roles
show cluster <name | all>
stats history
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-121 can be entered after the show cluster <name | all> stats
command.
Table 3-121 show cluster <name | all > stats history Options
Options
Value
listen
http
target
Description
<blank>
Shows the HTTP statistics for the named cluster or all clusters.
browser
Shows the connections by the type of browser. The browsers monitored are shown in Table 3-122.
method
Shows the request method. The methods that are monitored are shown in Table 3-123.
req-err
Shows the illegal requests. The illegal requests are shown

in Table 3-124.
request
Shows the number of active client requests.
version
Shows the client browser version as shown in Table 3-125.
<blank>
Shows the HTTP statistics for the named cluster or all clusters.
bytesin
Shows the target bytes from servers sorted by content type

as shown in Table 3-126.
bytesout
Shows the target bytes sent to users sorted by content type

content
Shows the types of content handled sorted by content type

response code
Shows the quantity of each type of response code handled.

(Response Code 101, etc.)
253
Table 3-121 show cluster <name | all > stats history Options
Options
Value
Description
listen
Shows the client-side I/O statistics for the cluster, including:

Bytes In (Req from Clients)
Bytes Out (Resp to Clients)
Current Client Connections
Total Client Connections
Refused Client Connections
target
Shows the server-side I/O statistics for the cluster, including:

Bytes Out (Resp to Clients) Current Active Server Conns
io
ssl
Shows the SSL statistics for the cluster including the number of:
New Sessions
Reused Sessions
Sessions with Strong Encryption
Sessions with Export Encryption
Sessions using Version SSLv2
Sessions using Version TLSv1
Sessions using Version Other
status
Shows the status of the historical stats feature (enables or

disabled).
Notes
The statistics collected are in the categories shown below.

Table 3-122 Browsers
Browser
254
IE 6.0
Netscape 6
IE 5.5
Mozilla
IE 5.1
Opera
IE 5.0
Konquerer
IE 4.x
Safari
IE Other
None
Netscape 4
Other
Table 3-123 Methods

Method
GET
COPY
SEARCH
LABEL
HEAD
MOVE
SUBSCRIBE
MERGE
POST
LOCK
UNSUBSCRIBE
BASELINE-CONTROL
PUT
UNLOCK
X-MS-ENUMATTS
MKACTIVITY
DELETE
BCOPY
VERSION-CONTROL
BIND
TRACE
BDELETE
REPORT
MKRESOURCE
OPTIONS
BMOVE
CHECKOUT
ORDERPATCH
CONNECT
BPROPFIND
CHECKIN
ACL
PROPFIND
BPROPPATCH
UNCHECKOUT
Other
PROPPATCH
NOTIFY
MKWORKSPACE
MKCOL
POLL
UPDATE
Table 3-124 Request Errors

Request Errors
Illegal request line too long
Illegal header line too long
Illegal method
Illegal PUT (no length)
Illegal 0.9 method
Illegal PUT (length < 0)
Illegal POST (no length)
Illegal PUT (length = 0)
Illegal POST (length < 0)
Disallowed HTTP Method
Illegal POST (length = 0)
Disallowed WebDAV Method
Illegal Header
Table 3-125 Request Version

Version
HTTP/1.1
HTTP/1.0
Other
255
Table 3-126 Content Types

Content Types
GIF
OCTET-STREAM
JPEG
MS-WORD
HTML
MS-EXCEL
CSS
MS-POWERPOINT
XML
Custom-1
PLAIN
Custom-2
X-COMPONENT
Custom-3
JAVASCRIPT
Other
FLASH
Examples
ex% show cluster 1 stats history status
Historical Stats Status: enabled
Shows whether historical stats are enabled or disabled
256
show cluster <name> target host <ip:port | all> stats

Purpose
Use the show cluster <name> target host <ip:port | all> stats command to display the I/O,
HTTP or SSL statistics for a specific target host or for all target hosts in a cluster.
Roles
show cluster <name> target host <ip:port | all> stats
Role
http
io
ssl
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-127 can be entered after the show cluster <name> target host
[M | all] stats command.
Table 3-127 show cluster <name> target host <ip:port | all> stats Options
Options
Description
<blank>
Displays the I/O, HTTP and SSL statistics for a target host or all target hosts
in a cluster.
history
Displays the history for a target host. For more information, see show cluster
<name> target host <ip:port | all> stats history on page 258.
http
Displays the HTTP statistics for a target host or for all target hosts in a cluster.
io
Displays the I/O statistics for a target host or for all target hosts in a cluster.
ssl
Displays the SSL statistics for a target host or for all target hosts in a cluster.
Notes
None
Examples
show cluster 1 target host all stats
Displays the I/O, HTTP, and SSL statistics for all target hosts in cluster 1.
show cluster 1 target host all stats io
Displays the I/O statistics for all target hosts in cluster 1.
show cluster 1 target host 1 stats http
Displays the HTTP statistics for target host 1 in cluster 1.
257
show cluster <name> target host <ip:port | all> stats history

Purpose
Use the show cluster <name> target host <ip:port | all> stats history command to display
the history statistics for a specific target host or for all target hosts.
Roles
show cluster <name>
target host <ip:port | all>
stats history
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-128 can be entered after the show cluster <name> target host
<ip:port | all> stats history command.
Table 3-128 show cluster <name | all > target host <ip:port | all> stats history Options
Options
http
io
258
Value
Description
<blank>
Shows all of the HTTP statistics for a clusters target host.
bytesin
Shows the number of bytes from the target host sorted by

content type as shown in Table 3-126.
bytesout
Shows the number of bytes sent to users sorted by content

type as shown in Table 3-126.
content

response code

<blank>
Shows all of the IO statistics for a clusters target host.
bytesin

bytesout

Table 3-128 show cluster <name | all > target host <ip:port | all> stats history Options
Options
Value
ssl
<blank>
Description
Shows all of the SSL statistics for a clusters target host.
Shows the SSL statistics for the target host including the
number of:
New Sessions
Reused Sessions
ssl
Notes
None
Examples
259
show cluster <name> target ssl

Purpose
Use the show cluster <name> target ssl command to show the SSL target configuration of a
cluster.
Roles
show cluster <name>
Role
Admin
target ssl
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-129 can be entered after the show cluster <name> target ssl
command.
Table 3-129 show cluster <name> target ssl Options
Options
Description
<blank>
Shows the target server SSL configurations.
certfile
Shows the target server SSL certfile.
cipherfile
cipherlist
each ciphersuite, showing the name, version, key exchange, authentication, encryption, and hash methods.
ciphersuite
Shows the target server SSL cipher suite.
keyfile
Shows the target server SSL keyfile.
protocol
Shows the target server SSL protocol.
status
Shows the target server SSL status.
timeout
Shows the target server SSL timeout.
Notes

Examples
show cluster 1 target ssl
Shows the cluster target server SSL information.
260
show cluster 1 target ssl ciphersuite

Shows cluster 1 target server SSL ciphersuite settings.
261
show commands
Purpose
Use the show commands to show the command list.

Roles
Role
show commands
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show commands
Shows the commands list.
262
show config
Purpose
Use the show config command to show the configuration in the memory.
Roles
Role
show config
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show config
Shows the current configuration. An example of the command output is:
------- Hostname, Date, & Time -----Hostname: tx2.redlinenetworks.com
2002.08.14 14:19:12 PDT
Timezone: America/Los_Angeles
NTP server1: www.foobar.com
NTP: down
------------ Network ------------Domain: redlinenetworks.com
Nameserver1: 192.168.0.2
ether0: IP address = 10.0.22.50 netmask =
255.255.255.0
ether0: MAC = 00:e0:81:04:a0:06 MTU = 1500
ether0 media: 100baseTX full-duplex (100baseTX fullduplex) Status: active
ether0 supported media options:
[1] 10baseT/UTP
[3] 100baseTX
[5] autoselect
263
ether1: IP address = 10.10.1.2 netmask = 255.255.0.0

ether1: MAC = 00:e0:81:04:a0:07 MTU = 1500
ether1 media: autoselect (none) Status: no carrier
[1] 10baseT/UTP
[3] 100baseTX
[5] autoselect
------------ Clusters ------------Cluster [1]
Listen Port: 80
Listen VIP: 192.168.4.145
Virtual IP Netmask: 255.255.255.255
Busy redirect URL: www.foobar.com
Listen SSL Status: Disabled
Listen Certfile:
Listen Keyfile:
Targetname: mywebserver.redlinenetworks.com
Target SSL Status: Disabled
Target Protocol: tlsv1
Target Certfile:
Target Keyfile:
Target Keypass: none
Target Ciphersuite: common
Target Timeout: 1440
Sticky Method: None
Sticky Mask: IP-Port
Sticky Client IP Timeout: 120
DSR Status: Disabled
Convert 302 Protocol Status: Disabled
Log status: disabled
Log Format: common
Log Syslog Host:
Log Syslog Port: 514
TargetHosts:
----------- Forwarders ----------------------- Server ------------Failover Status: Disabled
Server: up
264
----- Web Administration Server ----Port: 8090

SSL Status: Disabled
Admin: up
Session Expire Time: 900
Admin Interface:
VIP Address:
VIP Broadcast: 0.0.0.0
VIP Netmask: 255.255.255.255
------------ SNMP ------------System contact: Unknown
System location: Unknown
SNMP community name: public
SNMP community IP: 192.168.0.0
SNMP community netmask: 255.255.0.0
SNMP: down
------------ Terminal Services ------------SSH: up
Telnet: up
265
show dashboard
Purpose
Use the show dashboard command to display a summary view of the overall health of the
appliances memory, CPU status, VIP and Target server health status, connections count, and
bytes savings.
Roles
Role
show dashboard
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Example
show dashboard
Shows the status of the appliance, VIP, and target servers. An example of the command output is:
% show dashboard
Start Time:
July 27, 12:04
Current Time: July 31, 14:26
Uptime:
4 days 2 hours, 22 minutes
T|X Health:
---------------------------------Memory
- OK.
CPU
- OK.
Network - OK.
VIP and Target Server Health:
---------------------------------Cluster 1 - 216.136.145.168 - (up)
Target 1 192.168.0.5 (up)
Target 2 192.168.0.6 (up)
Target 3 192.168.0.7 (up)
266
Cluster 2 - 216.136.145.169 - (up)

Target 1 192.168.0.8
(**TCP Layer Down; Connection Timed Out**)
Target 3 192.168.0.9 (up)

Target 3 192.168.0.10 (disabled)
Performance (Last 4 days 2 hours, 22 minutes)
---------------------------------Connections Accepted:
6,725,256 (6.7M)
Connections Refused:
0 (0)
Requests Processed:
11,215,369 (11.2M)
Bytes Saved:
25,365,256,263 (25 GB)
Avg. Connections/Day
Avg. Requests/Day
Avg. Bytes Saved/Day
156,263 (156K)
257,896 (257K)
238,005,365 (238M)
Byte Savings:
---------------------------------Since clearing the stats on July 27, 12:04 this Redline appliance
has saved a total of 25,365,256,263 bytes.
How long would it take to transfer that much data
over various links?
A T-1 user would need: 1 year, 4 months, 3 days
A DSL user would need: 3 years, 6 months, 12 days
A 56K user would need: 12 years, 2 months, 0 days
267
show dns
Purpose
Use the show dns command to show the Domain Name Service (DNS) options.
Roles
Role
show dns
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-130 can be entered after the show dns command.
Table 3-130 show dns Options
Options
Value
Description
<blank>
Shows DNS options.
domain
Shows the name service domain.
server
N | blank
Shows the specified name server. N is optional, and can

have a value of 1, 2, or 3. Blank = all.
Notes
None
Examples
show dns
Displays both the name server and the domain.
show dns domain
Displays just the domain (i.e., foobar.com).
show dns server 1
Displays the IP address of the domain name server.
268
show ether n
Purpose
Use the show ether n command to show the settings for ethernet interfaces.
Roles
Role
show ether n
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-131 can be entered after the show ether n command.
Table 3-131 show ether n Options
Options
Description
<blank>
Shows the settings for ethernet interfaces.
ip
Shows the IP address.
mac
Shows the MAC for an interface.
media
Shows the media configuration for an interface.
mtu
Shows the MTU for an interface.
netmask
Shows the netmask.
subnet
Shows all the subnets for an interface.
Notes
Ether N may be ether 0 or ether 1.

ether 0 is for user traffic and in band administration.
ether 1 is for heart beat traffic ensuring that the appliance is active and there is no need
to cut over to the standby appliance.
The following is a sample of ether 0 output:
ether0: IP address = 10.0.22.50 netmask = 255.255.255.0
ether0: broadcast 10.0.255.255
ether0: MAC = 00:e0:81:04:a0:06 MTU = 1500
ether0 media: 100baseTX full-duplex (100baseTX full-duplex) Status:
active
[1] 10baseT/UTP
[3] 100baseTX
269

[5] autoselect
The MTU (Maximum Transmission Unit) should be set to 1500 for the ethernet.
Note: DO NOT change this value unless your switch and network are configured to
work with a different MTU.
Examples
show ether 1 mac
Shows the ether 1 MAC address.
show ether 1
Shows the ether 1 settings.
270
show file
Purpose
Use the show file command to display the contents of a file.

Roles
Role
show file
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-132 can be entered after the show file command.
Table 3-132 show file Option
Option
<filename>
Description
Displays the contents of the file with the name <filename>.
Notes
This command has the same effect as the command display file.
Example
show file my_ssl_key
Displays the contents of the SSL key name my_ssl_key.
271
show flash
Purpose
Use the show flash command show to Flash disk usage for the active partition: kilobytes used,
kilobytes available, and total kilobytes.
Roles
Role
show flash
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Following is a sample of the show flash command output for the active partition:
42120 Kb used, 20272 Kb avail, 62392 Kb total
Example
show flash
Shows Flash disk usage.
272
show floatingvip
Purpose
Use the show floatingvip command to show the all of the Floating VIP addresses.
Roles
Role
show floatingvip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
None
273
show forwarder <name | all>

Purpose
Use the show forwarder <name | all> command to show the forwarder configuration. A
forwarder is used to forward TCP traffic only (i.e., SMTP traffic).
Roles
Role
show forwarder <name>
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-133 can be entered after the show forwarder <name | all>
command.
Table 3-133 show forwarder <name> Options
Options
Description
<blank>
Shows information for all forwarders.
all
Shows information for all forwarders. No subcommands may follow the all
command. See Notes.
description
Shows the description information for a forwarder.
dsr
Shows the Direct Server Return mode for a forwarder.
listen
Displays forwarder listen configuration.
stats
Displays the I/O statistics for a specific forwarder or for all forwarders.
target
Displays the I/O statistics for a specific target host or for all target hosts in a
forwarder. See show forwarder <name> target host [M | all] stats on
page 276 for more information.
Notes
The show forwarder all command can not take any subcommands. Adding a subcommand
after the keyword all will return an error.
DSR = Direct Server Return: A configuration where requests from the Redline appliance to the
server are returned by the server directly to the client, rather than using the appliance to pass
the response to the client.
274
Examples
show forwarder
Shows all forwarder configurations. Refer to set forwarder <name> on page 165 for additional information.
show forwarder 1
Shows information for forwarder 1.
show forwarder all
Shows all forwarder information.
show forwarder 1 stats
Displays the I/O statistics for the forwarder 1.
show forwarder all stats
Displays the I/O statistics for all forwarders.
275
show forwarder <name> target host [M | all] stats

Purpose
Use the show forwarder <name> target host [M | all] stats command to display the I/O
statistics for a specific target host or for all target hosts in a forwarder.
Roles
Role
show forwarder <name>

target host stats
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
show forwarder 1 target host 1 stats
Displays the I/O statistics for target host 1 in forwarder 1.
show forwarder 1 target host all stats
Displays the I/O statistics for all target hosts in forwarder 1.
276
show health remotehost

Purpose
Use the show health remotehost command to show parameters relating to connectivity
failover.
Roles
Role
show health remotehost
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-134 can be entered after the show health remotehost command.
Table 3-134 show health remotehost Options
Options
Description
<blank>
Shows all of the configurable parameters associated with remote host

health.
host
Shows the IP addresses that will be checked for health check.
interval
Shows the health check interval (how often to send the health checks).
minhostsfailing
Shows the count for the minimum number of hosts failing.
retry
Shows the maximum number of attempts before health check considers

the host down.
status
Shows whether connectivity failover health check is enabled or disabled.
timeout
Shows the health check timeout (how long to wait for a response).
Notes
None
Example
None
277
show hostname
Purpose
Use the show hostname command to show the host name.

Roles
Role
show hostname
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show hostname
Shows the domain name for the host (i.e., tx2.foobar.com).
278
show license
Purpose
Use the show license command to show the data needed for license key generation.
Roles
Role
show license
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-136 can be entered after the show license command.
Table 3-135 show license Options
Options
Description
<blank>
Shows details about the appliances license.
data
Shows the data needed for license key generation.
Notes
None
279
Example
show license
Shows details about the appliances license.
ex% show license
E|X 3200
1408
Virtual IP Addresses:
64
Target Hosts/VIP:
32
Connections:
50000
OWA (WebDAV) licensed.
ActiveN licensed.
Groups:
64
Blades:
2048
SLB licensed.
Groups:
64
Targethosts:
32
RADIUS Authentication licensed.
LDAP Authentication licensed.
Historical Stats licensed.
Apprules licensed:
Request Translator Header (RTH):
Page Translator Header (PTH):
Page Translator Content (PTC):
Request Sentry (RS):
show license data
Shows the data needed for license key generation.
ex% show license data
A0IhJqU/QMgLDI8Vav
280
Unlimited
Unlimited
Unlimited
Unlimited
show log
Purpose
Use the show log command to show entries from the Apprule, Audit, and System logs.
Roles
show log
Role
apprule
audit
system
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-136 can be entered after the show log command.
Table 3-136 show log Options
Options
Description
apprule
Shows the Apprule log.
audit
Shows the Audit log.
system
Shows the System log.
Notes
None
Examples
281
show loginbanner
Purpose
Use the show loginbanner command to the display the current login banner with the
appropriate substitutions. This banner must have been previously set using the capture
loginbanner command.
Roles
Role
show admin loginbanner
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show loginbanner
Shows the login banner with the appropriate substitutions. Refer to capture on page 31 for
282
show netstat
Purpose
Use the show netstat command to show network statistics. These statistics include active
internet connection information such as send and receive queues, local and foreign addresses,
and states.
Roles
Role
show netstat
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-137 can be entered after the show netstat command.
Table 3-137 show netstat Options
Options
Description
<blank>
Shows network statistics.
Where N is an integer; shows network statistics every N seconds.
-a
Shows active connections.
-s
Shows network statistic.
-r
Shows the routing tables.
Notes
This command is the same as the netstat command.

Examples
show netstat
Shows network statistics. This is a sample of the show netstat command output:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
(state)
tcp4
0
20 10.0.22.50.22
192.168.0.234.1094 ESTABLISHED
tcp4
0
0 *.8090
*.*
LISTEN
tcp4
0
0 *.23
*.*
LISTEN
tcp4
0
0 *.22
*.*
LISTEN
283
show netstat 1
Shows network statistics every second. Use ^C (control C) to stop.
show netstat -r
Shows the routing table. Sample output is as follows:
tx2200% show netstat -r
Routing Tables:
Internet:
Destination
Gateway
Flags
default
192.168.0.1
UGSc
12.12.1.23
12.12.12.12
UGHS
192.168.0/16
link#1
UC
192.168.0.1
0:d0:b7:85:bc:a0 UHLW
192.168.40.169/32 link#1
UC
192.168.40.188/32 link#1
UC
192.168.40.228
8:0:46:4d:60:40 UHLW
Refs Use Netif

4
0
ether0
0
0
ether0
2
0
ether0
3
0
ether0
0
0
ether0
0
0
ether0
1 310
ether0
Expire
show netstat -s
Shows the network statistics. Sample output is as follows:
tx2200% show netstat -s
tcp:
107268 packets sent
2286 data packets (17826876 bytes)
0 data packets (0 bytes) retransmitted
0 resends initiated by MTU discovery
142799 ack-only packets (15 delayed)
0 URG only packets
0 window probe packets
248 window update packets
43068 control packets
16917 packets received
7755 acks (for 17830102 bytes)
3488 duplicate acks
0 acks for unsent data
5474 packets (17825611 bytes) received in-sequence
243 completely duplicate packets (0 bytes)
0 old duplicate packets
0 packets with some dup. data (0 bytes duped)
0 out-of-order packets (0 bytes)
0 packets (0 bytes) of data after window
0 window probes
3387 window update packets
0 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
39862 connection requests
37 connection accepts
0 bad connection attempts
0 listen queue overflows
3296 connections established (including accepts)
284
812
1125
39756 connections closed (including 8 drops)

36 connections updated cached RTT on close
36 connections updated cached RTT variance on close
0 connections updated cached ssthresh on close
33619 embryonic connections dropped
7727 segments updated rtt (of 44330 attempts)
135036 retransmit timeouts
8 connections dropped by rexmit timeout
0 persist timeouts
0 connections dropped by persist timeout
36892 keepalive timeouts
3268 keepalive probes sent
33619 connections dropped by keepalive
327 correct ACK header predictions
2176 correct data packet header predictions
37 syncache entries added
0 retransmitted
0 dupsyn
0 dropped
37 completed
0 bucket overflow
0 cache overflow
0 reset
0 stale
0 aborted
0 badack
0 unreach
0 zone failures
0 cookies sent
0 cookies received
udp:
174 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
0 with no checksum
0 dropped due to no socket
0 broadcast/multicast datagrams dropped due to no socket
0 dropped due to full socket buffers
0 not for hashed pcb
174 delivered
184 datagrams output
285
ip:
17091 total packets received
0 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with ip length > max ip packet size
0 with header length < data size
0 with data length < header length
0 with bad options
0 with incorrect version number
0 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped after timeout
0 packets reassembled ok
17091 packets for this host
0 packets for unknown/unsupported protocol
0 packets forwarded (0 packets fast forwarded)
0 packets not forwardable
0 packets received for unknown multicast group
286
show ntp
Purpose
Use the show ntp command to show the Network Time Protocol (NTP) configuration.
Roles
Role
show ntp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-138 can be entered after the show ntp command.
Table 3-138 show ntp Options
Options
Description
<blank>
Shows the NTP configuration.
server <N | all>
Shows the NTP server; where N = 1, 2 or 3, or shows all NTP servers.
status
Shows whether the NTP daemon is up or down.
Notes
None
Example
show ntp
Shows the NTP configuration, including the server, and whether the NTP daemon is up or
down.
287
show ntpq
Purpose
Use the show ntpq command to query the Network Time Protocol (NTP) server.
Roles
Role
show ntpq
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The command show ntpq uses the mode 6 control message format to query an NTP server
about its current state.
Example
show ntpq
Queries the NTP server. An example of the output is:
tx% show ntpq
remote refid st t when poll reach delay offset jitter

============================================================================
ntp.company.com ntp-cup.externa 2 u 16 64 377 0.240 14.169 0.505
288
show redirector <name>

Purpose
Use the show redirector <name> command to show the configuration for a specific redirector.
Roles
customurl, dsr, host, port,
protocol, status, urlmethod
listen
listen ssl
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-139 can be entered after the show redirector <name> command.
Table 3-139 show redirector <name> Options
Options
Value
Description
<blank>
Shows the complete redirector configuration.
customurl
Shows the custom URL setting for the redirector.
description
Show the description for the redirector.
dsr
Show the DSR status, i.e., if DSR is enabled or disabled.
host
Shows the redirect host name or IP address for the redirector.
listen
<blank>
Shows the redirector listen configuration.
port
Shows the redirector listen port.
ssl
Shows the redirector listen SSL settings. Refer to show

redirector <name> listen ssl on page 291 for additional
information.
vip
Shows the redirector virtual IP address.
port
Shows the port where requests will be redirected.
protocol
Shows the protocol that will be used to redirect requests.
stats
<blank>
Shows the I/O and SSL stats for the redirector.
io
Shows the I/O stats for the redirector.
ssl
Shows the SSL stats for the redirector.
status
Shows the status of the redirector, i.e., if the redirector is

enabled or disabled.
urlmethod
Shows the URLmethod setting of the redirector.
289
Notes
None
Examples
show redirector 1 listen ssl
Shows the redirector 1 listen SSL status.
show redirector 1 customURL
Shows the redirector custom URL string configuration.
show redirector 1
Shows the complete redirector configuration. An example of the command output is:
tx% show redirector 1
Redirector [1]
Listen Port: 80
Listen VIP: 192.168.113.114
Listen Netmask: 255.255.255.255
Listen SSL Status: disabled
Listen Certfile:
Listen Keyfile:
Listen Client Authentication: disabled
Listen CA Certfile:
Listen CA CRL File:
Listen CA Trustfile:
DSR Status: disabled
Status: enabled
Protocol: https
Host: 192.168.113.114
Port: 443
URL Method: request
Custom URL:
290
show redirector <name> listen ssl

Purpose
Use the show redirector <name> listen ssl command to show the configuration of the SSL
listen parameters for a specific redirector. This feature is only available on the E|X Enterprise
Application Processor product line.
Roles
Role
Admin

listen ssl
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-140 can be entered after the show redirector <name> listen ssl
command.
Table 3-140 show redirector <name> listen ssl Options
Options
Description
<blank>
Shows the redirector listen SSL configuration.
certfile
Shows the redirector listen SSL certfile.
cipherfile
cipherlist
each ciphersuite, showing the name, version, key exchange, authentication, encryption, and hash methods.
clientauth
Shows the listen SSL clientauth settings.
ciphersuite
Shows the redirector listen SSL cipher suite.
ephkeyfile
Shows the redirector listen SSL ephemeral keyfile.
keyfile
Shows the redirector listen SSL keyfile.
protocol
Shows the redirector listen SSL protocol.
status
Shows the redirector listen SSL status.
Notes
291
Examples
show redirector 1 listen ssl
Shows the redirector 1 listen SSL information.
show redirector 1 listen ssl ciphersuite
Shows the redirector 1 listen SSL cipher suite settings.
292
show route
Purpose
Use the show route command to show the routing table.

Roles
Role
show route
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
show route
Shows the route. An example of the output is:
se2200% show route
[1] 66.12.13.5 192.168.0.10
[2] 66.12.14.0 192.168.0.11 255.255.255.0
[1] and [2] represent the route number that is used when deleting a route. The example also
shows that the destination IP address 66.12.13.5 can be reached via the gateway
192.168.0.10.
293
show server
Purpose
Use the show server command to show the server configuration.

Roles
show server
Role
all
customlogheader
failover
maxconns
reversepath
status
Network Admin
Network Operator
Admin
Security Admin
Security Operator
User
Options
The options shown in Table 3-141 can be entered after the show server command.
Table 3-141 show server Options
Options
Values
Description
<blank>
Shows the server configuration.
customiplogheader
Shows the custom header name that will be added to the client's
request with client's original IP address.
failover
Shows the failover server.
<blank>
failover
linkfail
<blank>
Shows all link fail information.
linkfail
count
Shows the number of failures that have occurred.
linkfail
pollinterval
Shows the link failure polling interval in milliseconds.
vmac
vmac
Shows the Virtual MAC Address.

id
Shows the Virtual MAC Address assigned to the specified ID.
forwardclientcert
Shows the custom SSL client certificate HTTP header.
maxconns
Shows the maximum number of simultaneous connections that

the appliance can support.
reversepath
Displays the current configuration of the reverse path routing feature.
reversepath
294
entries
Displays current entries that are created in the system.
maxroutes
Displays the maximum number of routes that are allowed.
timeout
Displays the current timeout value.
Table 3-141 show server Options

Options
Values
Description
stats
Shows the statistics of the server with the following information:

Active and total number of sessions
Active and total number of requests
Total bytes in and bytes out
Refer to show server stats on page 296 for additional information.
status
Shows if the server is up or down.

Notes
None
Examples
show server status
Displays the status of the server; either up or down. An example of the output is:
show server status
Server: up
295
show server stats

Purpose
Use the show server stats command to display server statistics.

Roles
show server stats
Role
all
history
[io | http]
ssl
Network Admin
Network Operator
Admin
Security Admin
Security Operator
User
Options
The options shown in Table 3-142 can be entered after the show server stats command.
Table 3-142 show server stats Options
Options
Description
<blank | n>
Displays all server statistics, including I/O, HTTP and SSL statistics for
the server. Typing a number (n) here repeatedly displays all server statistics every n seconds.
history
For information, see show server stats history on page 298.
http
Displays all HTTP statistics for the server.
io
Displays all I/O statistics for the server.
ssl
Displays all SSL statistics for the server.
Notes
None
296
Examples
show server stats
Displays the statistics of the server. An example of the output is:
show server stats
IO Statistics - server listen
Bytes In (Req from Clients) 8
Bytes Out (Resp to Clients) 3553
Current Client Connections 0
Total Client Connections 4
Refused Client Connections 0
IO Statistics - server target host all
Bytes In (Resp from Servers) 0
Bytes Out (Req to Servers) 0
IO Statistics - server physical target all
Current Active Server Conns 0
Current Idle Server Conns 12
Total Server Connections 108
Passed Health Chks (Server OK) 0
Failed Health Chks (Server Down) 0
. . .
show server stats 5
Repeatedly displays the statistics for the server every five seconds.
show server stats io
Displays all I/O statistics of the server.
show server stats http
Displays all HTTP statistics of the server.
show server stats ssl
Displays all SSL statistics of the server.
297
show server stats history

Purpose
Use the show server stats history command to display the history statistics for the server.
Roles
show server stats
history
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-120 can be entered after the show server stats history
command.
Table 3-143 show server stats history Options
Options
Value
listen
http
target
298
Description
<blank>
Show the historical listen statistics for the server.
browser
This option shows the connections by the type of browser.

The browsers monitored are shown in Table 3-122.
method
This option shows the request method. The methods that

are monitored are shown in Table 3-123.
req-err
This option shows the illegal requests. The illegal requests

are shown in Table 3-124.
request
Number of active client requests.
version
Shows the client browser version as shown in Table 3-125.
<blank>
Show the historical target statistics for the server.
bytesin

bytesout

content

response code


Options
Value
Shows all of the client-side I/O statistics for the cluster, including:
Bytes Out (Resp to Clients)
Current Client Connections
Total Client Connections
Refused Client Connections
<blank>
listen
io
target
Description
<blank>
Shows all of the server I/O listen historical stats.
day
Shows server I/O listen historical stats per day.
hour
Shows server I/O listen historical stats per hour.
minute
Shows server I/O listen historical stats per minute.
month
Shows server I/O listen historical stats per month.
second
Shows server I/O listen historical stats per second.
year
Shows server I/O listen historical stats per year.
<blank>
Shows the server-side I/O statistics for the cluster, including:

Bytes Out (Resp to Clients) Current Active Server Conns
day
Shows server I/O target historical stats per day.
hour
Shows server I/O target historical stats per hour.
month
Shows server I/O target historical stats per month.
year
Shows server I/O target historical stats per year.
299

Options
Value
Shows the SSL statistics for the cluster including the number of:
New Sessions
Reused Sessions
<blank>
ssl
listen
target
Description
<blank>
Shows all of the server SSL listen historical stats.
day
Shows server SSL listen historical stats per day.
hour
Shows server SSL listen historical stats per hour.
minute
Shows server SSL listen historical stats per minute.
month
Shows server SSL listen historical stats per month.
second
Shows server SSL listen historical stats per second.
year
Shows server SSL listen historical stats per year.
<blank>
Shows all of the server SSL target historical stats.
day
Shows server SSL target historical stats per day.
hour
Shows server SSL target historical stats per hour.
month
Shows server SSL target historical stats per month.
year
Shows server SSL target historical stats per year.
Notes
None
Example
None
300
show slb
Purpose
Use the show slb command to display information related to the internal Server Load Balancer.
Roles
show slb
Role
failover
group
stats
status
targethost
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-144 can be entered after the show slb command.
Table 3-144 show slb command Options
Options
Value
Description
<blank>
Displays the basic L4S configuration parameters.
failover
Displays the failover status.

<name | all>
group
<name | all>
Displays the group characteristics.

session
Displays statistics for the group session.
stats
Displays the group statistics.
targethost
Displays statistics for the group targethost.
session
Displays the total number of sessions.
stats
Displays the overall statistics for the switch.
status
Displays the switch state.

Notes
The show slb command shows these basic configuration parameters:

Table 3-145 show slb command Permutations
Switch Status
Meaning
Disabled
The SLB is off
Enabled (stand-alone)
The SLB is in stand-alone mode
Enabled (active)
The SLB is enabled for failover and is the active switch
Enabled (passive)
The SLB is enabled for failover and is the backup switch
301
The SLB statistics that are shown are:

Active: The number of active sessions.
Total: The total number of sessions successfully terminated.
Close: The number of sessions in closewait state. A closewait is a session that is waiting
to be closed, but has not closed as of yet.
SYNWait: The number of sessions in synwait state. A synwait is a session with a threeway handshake not terminated (SYN sent by client and waiting for a SYN/ACK from the
server or SYN sent by client and SYN/ACK sent by the server, but waiting for an ACK
from the client).
Example
show slb
Shows the Server Load balancer basic configuration:
show slb
Server Load Balancer basic Configuration
=============================
Reap Timeouts (in Secs):
Active: 90
Close: 12
Ack Wait(syn flood): 6
Reset to client: enabled
Reset to server: enabled
Sticky idle timeout: 120
HealthCheck Params
Timeouts(In secs):
Up: 20
Down: 10
Syn wait: 5
Max tries(before fail): 3
Switch Status: disabled
% show slb stats
Shows the overall statistics:
% show slb stats
Bytes 126637 (126.637 KB)
Packets 147
Flushed 1
Total 1
Current Sessions
Active 0
Close 0
Synwait 0
302
% show slb group 1 stats

Shows the statistics for the servers in Group 1:
% show slb group 1 stats
========================================
Group 1 Stats:
Bytes 126637 (126.637 KB)
Packets 147
Flushed 1
Total 1
Current Sessions
Active 0
Close 0
Synwait 0
________________________________________
Server(192.168.0.2:110) stats:
Bytes 126637 (126.637 KB)
Packets 147
Flushed 1
Total 1
Current Sessions
Active 0
Close 0
Synwait 0
________________________________________
========================================
% show slb group 1 targethost 192.168.0.2:110 stats
Shows the statistics for targethost 192.168.0.2:110 in Group 1:
% show slb group 1 targethost 192.168.0.2:110 stats
________________________________________
Server(192.168.0.2:110) stats:
Bytes 126637 (126.637 KB)
Packets 147
Flushed 1
Total 1
Current Sessions
Active 0
Close 0
Synwait 0
________________________________________
303
% show slb
Shows the Server Load Balancer basic configuration:
% show slb
Server Load balancer basic Configuration
=============================
Reap Timeouts(in Seconds):
Active: 23
Close: 13
Ack Wait(syn flood): 12
Reset to client: disabled
Reset to server: enabled
HealthCheck Params
Timeouts(In seconds):
Up: 67
Down: 13
Syn wait: 5
Max tries(before fail): 3
Switch Status: enabled
% show slb group 1
Shows the configuration for Server Load Balancer group 1:
% show slb group 1
========================================
group 1
vip: 192.168.15.62
port: 110
protocol: tcp
nat: full
nat port start: 1024
nat port end: 8000
________________________________________
server 1
ip: 192.168.0.2
port: 110
Status: Up
________________________________________
========================================
% show slb group <192.168.15.62:70> targethost <i192.168.0.2:80>
Shows the configuration for Server Load Balancer with maxconn selected:
% show slb group <192.168.15.62:70> targethost <192.168.0.2:80>
server(192.168.0.2:80) (group: 192.168.15.62:70)
ip: 192.168.0.2
port: 80
weight: 1
Max connection: 400 <==== Max connections to the target host.
Status: Up
304
show support
Purpose
Use the show support command to display support contact information for Redline Networks,
Incorporated.
Roles
Role
show support
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show support
Displays the phone number, E-mail and web site addresses for Redline Networks support
organization.
305
show sync group <name>

Purpose
Use the show sync group command to show the configuration of a synchronization group for
configuration synchronization.
Roles
Role
show sync group
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-146 can be entered after the show sync group command.
Table 3-146 show sync group Options
Options
Value
Description
<blank>
Shows all of the settings for a synchronization group.
description
Shows the description for a synchronization group.
member
override
<blank>
Shows the username and password for all synchronization group

members.
<id>
Shows the username and password for a specific synchronization

group member.
all
Shows the username and password for all synchronization group

members.
<blank>
Shows whether the group override file is enabled or disabled.
filename
Shows the name for the group override file.
status
Shows the sync group's override status.
Notes

Examples
None
306
show tcpdump
Purpose
Use the show tcpdump command to display previously captured TCPDump information.
Roles
Role
show tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The command tcpdump must be executed first in order to collect the information before the
command can be used to show captured information. Refer to tcpdump on page 317 for
Example
show tcpdump
Displays previously captured TCPDump information.
307
show timezone
Purpose
Use the show timezone command to show the time zone or a list of all time zones.
Roles
Role
show timezone
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-147 can be entered after the show timezone command.
Table 3-147 show time zone Options
Options
Description
<blank>
Shows the current time zone.
list
Show a list of all time zones.
Notes
This command is used in conjunction with the set timezone command (refer to set timezone
on page 193) to manage the timezone properties.
Examples
show timezone
Shows the current time zone.
show timezone list
Show a list of all time zones.
308
show traceroute
Purpose
Use the show traceroute command to show how your data packets go from where you are to a
particular destination.
Roles
Role
show traceroute
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show traceroute
Shows a trace that follows your data packets on
their route to a destination.
309
show ua
Purpose
Use the show ua command to show the use agreement.

Roles
Role
show ua
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This command prints out the terms and conditions of purchase, price and payment information,
delivery and warranty, and limitations of liability for the appliance.
Example
show ua
Shows the use agreement.
310
show user
Purpose
Use the show user command to display the users status and role. Only users with an
administrator role may display this information.
Roles
Role
Admin
show user
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-148 can be entered after the show user command.
Table 3-148 show user Options
Options
Description
<blank>
Displays all users and their administrative rights.
<username>
Displays a specific user and his or her administrative rights.
Notes
Refer to the Installation and Administrative Guide for the definition of each users role.
Examples
show user bmartino
Displays administrative rights for user bmartino as:
% show user bmartino
User
status
--------bmartino
Enabled
roles
----Security Administrator
311
show user
Displays defined administrative rights for all users as:
% show user
User
Status
Roles
------------bmartino
Enabled
Security Administrator
jsingh
Enabled
Administrator
jmelvile
Disabled
Network Operator
jvecchi
Enabled
(none)
A newly added user without a role is displayed as (none):
312
show version
Purpose
Use the show version command to display the version of the firmware in the active partition of
the appliance.
Roles
Role
show version
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The show version command only displays the partition currently running.
Example
show version
Shows the version of firmware currently running.
313
show vlan
Purpose
Use the show vlan command to show Virtual LAN parameters.

Roles
Role
show vlan
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-149 can be entered after the show vlan command.
Table 3-149 show vlan Options
Options
Value
Description
<blank>
Shows all VLAN parameters.
default
Shows the default VLAN.
ip
<ip | all>
Shows the VLAN parameters for a specific IP address or

all IP addresses.
range
Shows the VLAN parameters for a range of IP addresses

or all IP addresses.
Notes
None
Example
None
314
ssldump
Purpose
The ssldump command is a monitoring tool that is used to monitor ssl traffic. It captures a
dump of the SSL traffic going through the appliance and saves it for examination later.
Roles
Role
ssldump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
None
315
synchronize group <name>

Purpose
Use the synchronize group command to synchronize the configuration settings across a group
of appliances. Before this command can be executed, both the Synchronization Group and the
SOAP server must have been set up correctly.
Roles
Role
Admin
synchronize group
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
None
316
tcpdump
Purpose
Use the tcpdump command to collect the TCPDump information into a file.
Roles
Role
tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-150 can be entered after the tcpdump command.
Table 3-150 tcpdump Options
Options
Value
Description
Executes the TCPDump command and collects
the dump information into a file.
<blank>
-i
<blank>
Tcpdump will gather information only from the

Ethernet connection specified
port 80
Tcpdump will filter data from the Ethernet connection and port specified
[ether 0 | ether 1]
Notes
The TCPDump command consists of information useful for troubleshooting. You must
configure the mechanism to deliver the dump and filename for storing the TCPDump if you are
using TFTP or SCP before executing this command:
set admin tcpdump filename <filename> (only needed for TFTP)
set admin tcpdump transport (scp | smtp | tftp)
Prior to Release 2.3, the TCPDump collected by the appliance was encoded in base64.
Beginning with Release 2.3, the TCPDump collected is in a binary format. The command for
viewing TCPDump contents online is:
show tcpdump
TCPDumps collected prior to Release 2.3 can be viewed offline by decoding it from the base64
format using a standard utility such as uudecode. Once decoded, it can then be viewed with a
standard TCPDump utility with the r option. TCPDumps collected with Release 2.3 or later
can be viewed directly with a standard TCPDump utility.
Running a new TCPDump will overwrite the prior dump collected. To copy the TCPDump
from the appliance for analysis, use the copy tcpdump command. Refer to copy on page 60
for additional information.
317
Example
tcpdump
Executes the TCPDump command and collects the dump information into a file.
318
tsdump
Purpose
Use the tsdump command to send the technical service dump to a TFTP server or to the
E-mail address configuration.
Roles
Role
tsdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Technical Service dumps consist of information useful for remote troubleshooting. You must
configure the mechanism to deliver the dump and filename for storing the technical service
dump if you are using TFTP or SCP before executing this command:
set admin tsdump filename <filename> (only needed for TFTP)
set admin tsdump transport (scp | smtp | tftp)
Example
tsdump
Executes the TSDump and sends the information to the configured destination.
319
wall
Purpose
Use the wall command to write a message to all users who are currently logged into the Web
I/O Accelerator.
Roles
Role
wall
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
wall please log off now, rebooting in 2 minutes...
Write the message please log off now, rebooting in 2 minutes on the console to all users
who are logged in.
320
who
Purpose
Use the who command to display a list of other people currently logged in.
Roles
Role
who
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
who
Displays a list of who is logged in. An example of the command output is:
tx2200% who
rlshell
ttyp0
Nov 5 13:35
(dhcp-228)
321
whoami
Purpose
Use the whoami command to display who is logged in by a user. The user shown in the example
is an administrator for the appliance.
Roles
Role
whoami
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
An example of the whoami command output is:

% whoami
bmartino: administrator
Example
whoami
Displays who is logged in.
322
write
Purpose
Use the write command to write (save) a configuration.

Roles
Role
write
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-151 can be entered after the write command.
Table 3-151 write Option
Option
<blank>
Description
Write commands to the startup configuration.
Notes
Use reload to revert back to the previous configuration and discard any changes that you have
made since the last saved configuration.
Example
write
Writes (saves) the configuration.
323
324
Appendix A. Glossary
Appendix A.
Glossary
Term
Description
Busy Redirect
If the Target web server responds with a Busy error, the Web I/O Accelerator will serve the page specified by this URL instead.
Certfile
Certification file for SSL traffic.
Cipher
Cryptographic algorithm for a server and client to authenticate each other,

transmit certificates, and establish session keys.
Ciphersuite
A set of ciphers.
Cluster
A cluster is a set of web servers to be accelerated. It listens for incoming

web traffic on a specific virtual IP address and port, distributes it over the
target hosts (web servers) in the cluster and then accelerates the outgoing
web traffic. Typically all the web servers in a particular cluster serve identical content; that is, each cluster usually represents a distinct website or
property.
Convert302protocol
Converts the 302 responses from HTTP to HTTPS or from HTTPS to HTTP.
Customiplogheader
A special header to annotate the log; showing the session that is being
logged in an easily identifiable way.
Custom Header
This is custom HTTP header that will be added with the clients origin IP to
the client's request.
Default Route
Also known as the Gateway, this is the IP address of the machine the
Web I/O Accelerator talks with in order to access the outside world.
Direct Server Return

(DSR)
Reduces the outgoing traffic channeled through a load balancer by allowing web servers to send their HTTP responses directly back to the requesting client without passing back through the load balancer. Enable this
option on the Web I/O Accelerator if the target web servers are configured
to use DSR.
DNS Domain
Also known as the Domain Suffix; this will be used to resolve unqualified
host names.
DNS Nameserver
The IP address of the primary name server for the Web I/O Accelerator.
This is the machine the Web I/O Accelerator queries to resolve host names
into IP addresses.
Ethernet 0 (ether0)
This is the primary ethernet port of the Web I/O Accelerator and the interface through which web traffic travels.
Ethernet 1 (ether1)
Also known as the Heartbeat port, Ethernet 1 is used to communicate

with a second Web I/O Accelerator configured as a cold-standby fail-over
unit.
Farm
A set of web clusters, typically with each cluster serving a different purpose.
Fail-over
This specifies whether or not the Web I/O Accelerator should act as a coldstandby fail-over unit for another Web I/O Accelerator on the network.
NOTE: both the active and the stand-by T|X units should have this option
enabled, and both units should have the same Virtual IP settings
325
Apprndix A. Glossary
Forwarder
A forwarder is a mechanism for forwarding traffic on to a set of servers. It

listens for incoming traffic on a specific virtual IP address and port and distributes it over the target hosts. Unlike a cluster, a forwarder blindly forwards incoming traffic on to its target hosts. These typically are not web
servers, and the forwarder does not attempt to accelerate the outgoing traffic. This is for non-HTTP traffic; the forwarder simply passes the traffic
through without examining it.
Hostname
The fully qualified DNS name for the Web I/O Accelerator.
Keyfile
Key file for SSL traffic.
Keypass
Password for SSL key.
Layer 7 Health
Checking
Checks whether the target hosts are available by periodically sending an

HTTP request to a specific URL on the target hosts.
Layer 7 Health Check

Request Interval
The number of seconds separating each health check request sent to the
the target hosts. The valid range of values is 1 - 60 seconds.

Request URL Path
The URL path that is requested on a target host with each health check.
The URL path must begin with a slash '/'.

Retry Threshold
The number of times a health check must fail before the target host is considered unavailable. The valid range of values is 1 - 20.

Resume Threshold
The number of times a health check must succeed before the target host
is considered available. The valid range of values is 1 - 20.

Status Code
The HTTP response status code expected from a target host in response
to a health check. For typical use, the status code should be set to 200.

Page Size
The page size expected from a target host in response to a health check.
This is the number of bytes in the body of the HTTP response, as it would
be indicated in an HTTP Content-Length header. This is an optional setting; to disable this setting, use the value -1.

Expect String
A string expected to appear somewhere in the HTTP response given to a

health check. The expect string is searched for in the non-header portion
of the HTTP response. It is case-sensitive and must be enclosed in doublequotes if there is whitespace in the string. The maximum length of the
string is 64 bytes. This setting only applies to health check responses with
the following MIME types: text/html, text/css, text/plain and text/xml. This
is an optional setting.
Listen Port
The port on which the Web I/O Accelerator listens for incoming web traffic;
it is typically set to 80.
Listen IP Address
See Virtual IP Address.
Listen IP Netmask
See Virtual IP Netmask.
Log Host
The IP address of the server to which the Web I/O Accelerator will be sending logging data.
Logging
Turns logging on or off. Remember that logging always exacts a performance penalty.
Media
Media is the mode in which an ethernet interface (ether0 and ether1) operates.
326
REDLINE NETWORKS :: WCommand Line Reference
MTU
Maximum Transmission Unit (MTU) is the largest number of bytes of payload data a frame can carry, not counting the frame's header and trailer.
The MTU should be set to 1500 for Ethernet. DO NOT change this value
unless your switch and network are configured to work with a different
MTU.
Netmask
A mask to filter out addresses that should not access the device.
NTP
Network Time Protocol. Specifies whether or not the Web I/O Accelerator
should listen for your NTP server.
RADIUS
Remote Authentication Dial In User Service
Redirector
A redirector is mechanism for redirecting requests to a single web server.

It listens for incoming web requests on a specific virtual IP address and
port and redirects the client to that web server. Unlike a cluster, a redirector
does not allow web traffic to pass through the Web I/O Accelerator. Instead, for every web request a redirector receives, the redirector sends the
client back a redirect URL and forces it to resend its HTTP request to that
URL.
Redirector Host
The host portion of the redirect URL sent by the redirector. That is, this is
the web server to which the client should be redirected. The redirector host
may be specified as either a hostname or an IP address.
Redirector Port
The port portion of the redirect URL sent by the redirector.
Redirector Protocol
The protocol portion of the redirect URL sent by the redirector. Valid values
are HTTP and HTTPS.
Redirector URL
Method
The manner by which the redirector specifies the path portion of the redirect URL. If the request method is selected, then the redirector will construct the redirect URL using the same URL path as the original request. If
the custom method is selected, then the redirector will construct the redirect URL using a custom URL path. You must specify a custom URL path
if the custom method is selected, and the custom URL path must begin
with a slash '/'.
For instance, if the request method is selected and the redirector receives
a request for a page at '/path/page.html', then the redirect URL will look
something like 'http://my.redirect.host/path/page.html'. However, if the
custom method is selected and the custom URL path is set to '/custom/
script.cgi?a=b', then the redirect URL will look something like 'http://my.redirect.host/custom/script.cgi?a=b' for any request received by the redirector.
RMMP
Recline Multicast Messaging Protocol. This messaging protocol enables

health checking between appliances.
Route (Default)
Also known as the Gateway. This is the IP address of the machine the
Web I/O Accelerator talks with in order to access the outside world.
Server
Web I/O Accelerator service.
SSL
Secure Sockets Layer (SSL) is a protocol that defines a way for two network devices to communicate securely. You can enable SSL on the listen
side to communicate with clients securely. You can enable SSL on the target side to communicate with the target hosts securely
327
SSL Protocol Version
There are three versions of SSL protocol: SSL version 1 (SSLv1), SSL version 2 (SSLv2) and Transport Layer Security version 1 (TLSv1). There are
four SSL protocol modes in which the Web I/O Accelerator can operate:
SSL Ciphersuite
sslv2: Use SSLv2 only

sslv3: Use SSLv3 only
sslv23: Use SSLv2, SSLv3 and TLSv1
tslv1: Use TLSv1 only
A collection of cryptographic algorithms used by two network devices to

authenticate one another, transmit certificates and establish session keys.
There are four categories of cipher suites used by the T|X:
all: Allow all supported SSL cipher suites
common: Allow only the fastest cipher suites from both the strong and export
groups
export: Allow only the low security cipher suites suitable for export
strong: Allow only the highest security cipher suites suitable for use in the U.S.A.
SSL Certfile
The certificate file used when establishing SSL communication.
SSL Keyfile
The key file used when establishing SSL communication.
SSL Keypass
The password for the SSL Keyfile.
Sticky
Ties a client to a server via the cookie or the clients IP address.
Sticky Load Balancing
A method of load balancing that binds a client to a server via a cookie or

the client's IP address. It ensures that all subsequent requests made by a
client are directed to the same server that handled the initial request.
Target Host:Port
This is the IP address and accompanying port of the web server that the
Web I/O Accelerator will accelerate. Depending upon the Web I/O Accelerator model, you may be able to enter IP addresses and ports for up to
eight Target Hosts.
Target Name
This is the fully-qualified host name which clients use to reach your website
or the servers you are accelerating.
Web I/O Accelerator

Statistics
The following Web I/O Accelerator Statistics are available:

Uptime: The elapsed time since the Web I/O Accelerator was turned on.
Sessions (active/total): The number of TCP sessions that the Web I/O Accelerator has handled.
Requests (active/total): The number of HTTP requests the Web I/O Accelerator has received.
Bytes (in/out): The total amount, in bytes, of data the Web I/O Accelerator
has received from target hosts, and the total amount of data that the Web
I/O Accelerator has sent out to clients.
Virtual IP Address
This is the IP address to which all incoming web traffic should be routed. It
should be different from the IP address(es) you specified on the Network
Settings page.
Virtual IP Netmask
The proper subnet mask for a device with the given Virtual IP Address.
WebUI Port
This is the port on which the administration web server (WebUI) listens. For
example, if you set this to 8090, you can connect to the T|X by typing
something like http://redlinename.yourdomain.com:8090
328
WebUI SSL
Turn SSL on or off for the administration web server (WebUI). The first
time, this must be performed in the Command Line Interface (CLI), and you
will be prompted to generate a certificate.
329
330
Appendix B. List of Events
Appendix B.
List of Events
EMERG Events
T|X Server was started
Not licensed for this device
Table 2-1
EMERG Events Messages

Message
Description
ntp daemon was started
The NTP process was started.
admin server was started
The Web UI was started
ssh daemon was started
The SSH server was started
telnet daemon was started
The telnet process was started.
snmp daemon was started
The SNMP process was started.
E|X Server was started
E|X was started.
Not licensed for this device
The pac file is not licensed for this T|X or E|X.
T|X Server was started
T|X was started.
Warning: License key file failed
Warning message to indicate that the license

key file is missing.
ALERT Events
Table 2-2
ALERT Events Messages

Message
Description
admin password changed
The password for the Administrator was

changed.
Bad HTTP request: client sent an invalid header line:

<http_header_line>
An HTTP request with and invalid head

was received.
Bad HTTP request: HEAD/0.9
HEAD request cannot be Version HTTP

0.9.
Bad HTTP request: header line longer than allowed

or poorly formed
An HTTP request with a header line longer

than allowed or a poorly formed HTTP request was received.
Bad HTTP request: POST length is less than zero.

Request line: <POST request_line>
An HTTP request with the method POST

that has a length less than zero was received.
Bad HTTP request: POST request did not contain

content length. Request line: <POST request_line

that did not contain the content length was
received.
331
Table 2-2

Message
Description
Bad HTTP request: POST request specified content

length of zero and is not configured to allow this

that specified the content length to be zero
was received, but the Web I/O Accelerator
was not configured to allow zero length
POST requests.
Bad or missing private key file <keypath>; password

not set
Invalid or missing private key file.
Cannot contact Default Gateway <gateway>
Cannot ping the gateway.
Cannot contact DNS server <dns_server>
Unable to contact the DNS server.
Cannot contact E-mail server <email_server>
Unable to contact the E-mail server.
Cannot contact NTP server <ntp_server>
Unable to contact the NTP server.
Cannot contact syslog host <syslog_host>
Unable to contact the syslog host.
Cannot contact Target Server <target_server>
Unable to contact the Target server.
Cannot contact TFTP server <tftp_server>
Unable to contact the TFTP server.
Cluster not in operation; there is no VIP present
The cluster is missing the Virtual IP address.
Duplicate entry found in the CRL file <crl_file>
Duplicate entries were found in the CRL

file.
E|X received excessive bytes from a target

<target_server> for request <url_requested>
E|X received more bytes from a target

server than is indicated in the HTTP header.
Failed to add CA cert to trusted list: <internal error

message>
Unable to add the CA Certificate to the CA

Trusted List.
Failed to load cacrlfile <ca-crl_file>; check file format
Unable to load the CA CRL file. The CA

CRL file must be in a base64-encoded format.
Failed to add CRL from cacrlfile <ca_crl_file>
Unable to add the CRL to the CA CRL file.
Failed to load the complete config
Failed to load the configuration.
Illegal Content-Length header of <length> sent from

<target_server> for a request <url_requested>
Invalid content length sent from the Target

server.
Illegal replay from <target_server> (HTTP <http version>) for a request <url_requested> (no Contentlength/chunking/connection: Close)
Target server is HTTP1.1 and does not

specify connection: close or content
length or does not chunk.
Illegal reply from <target_server> (HTTP <http version>) for a request <url_requested> (no Contentlength/keep-alive set)
The HTTP 1.0 Target server wants to do

keep-alive but not without setting the
content-length header.
<IP address> transitioning to active
The Web I/O Accelerator has transitioned

from a standby role to active role.
Layer 2 Link Down on Main Interface
The link was down on the main network interface, ether0.
332
Table 2-2

Message
Description
No client authentication CA certfile specified
Missing CA Certificate file. CA Certificate

file specifies the list of acceptable CA Certificates that a client may connect with.
No clusters are in operation due to <configuration>

errors
All clusters are disabled.
Only <number> of clusters out of <number> in operation
Not all clusters are enabled.
Rebooted from CLI
The E|X or T|X was rebooted; initiated

from the CLI.
Target server <target_server> disabled through configuration
Target server was disabled through the

CLI or Web User interface.
Target server <target_server> has been contacted
Successfully established a TCP connection the Target server.
Target server <target_server> passed Layer 7 health

check
Target server passed the Layer 7 health

check performed by the E|X or T|X.
The admin password has been changed by pressing

the reset button
The reset button was pressed and thus the

default administrator password was reset.
The CA Trust file <ca_trust_file> could not be loaded;

check file format
Unable to load the CA Trust file. The CA

Trust file must be in a base64-encoded
format.
The CA Certificate file <ca_cert_file> failed to load;

check file format.
Unable to load the CA Certificate file. The

CA Certificate file must be in a base64-encoded format.
Threshold for the m maximum number of connections exceeded
The Web I/O Accelerator has reached the

threshold configured for the maximum
number of connections.
T|X received excessive bytes from the target

<target_server> for a request <url_requested>
Target server sent more bytes than what

are specified in the content-length header.
T|X rebooted from the CLI
T|X was rebooted from the CLI.
VIP <vip> down
The VIP is down because all Target servers are down.
VIP <vip> up
The VIP is up.
333
334
Appendix C. Cipher Suites
Appendix C.
Cipher Suites
The Cipher Suites that are supported are shown in Table C-1. This information can also be
found in the Setting up the T|X or E|X for SSL Traffic chapter of the Installation and
Table C-1
SSL Cipher Suites

Cipher Suite
Common SSL Ciphers
RC4-MD5
RC4-SHA
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC2-CBC-MD5
Strong SSL Ciphers
RC4-MD5
RC4-SHA
AES256-SHA
AES128-SHA
IDEA-CBC-SHA
IDEA-CBC-MD5
Export SSL Ciphers
The fastest cipher suites from both the Strong and Export
groups.
The highest-security cipher suites that are suitable for use in

USA.
Lower-security cipher suites that are suitable for export.
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC-SHA
All SSL Ciphers
Description
Strong + Export.
RC4-MD5
RC4-SHA
DES-CBC-MD5
DES-CBC-SHA
DES-CBC3-MD5
DES-CBC3-SHA
AES256-SHA
AES128-SHA
IDEA-CBC-SHA
IDEA-CBC-MD5
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC2-CBC-MD5
335
Appendix B. Cipher Suites
336

Command Reference 4.1

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Command Reference 4.1

Încărcat de

Drepturi de autor:

Formate disponibile

Redline Networks

Command Line Reference

Copyright 2005 Redline Networks, Inc.

REDLINE NETWORKS :: Command Line Reference

About This Document

Meaning and Use

In a command line, keywords are shown in

Notes about the subject are shown with a header in italics.

Important information about the subject is

You may, but need not, select one item

You must provide the information enclosed

You may select one (but not more than one)

REDLINE NETWORKS :: Command Line Reference |

REDLINE NETWORKS :: Command Line Reference

Table of Contents ................................................................................. 5

Chapter 2. Administrative Rights ..................................................... 21

Chapter 3. Command Reference ....................................................... 25

REDLINE NETWORKS :: Command Line Reference

set cluster <name> connbind ........................................................................... 131

REDLINE NETWORKS :: Command Line Reference |

show admin netmask ........................................................................................ 209

REDLINE NETWORKS :: Command Line Reference

show ntpq ......................................................................................................... 288

Appendix A. Glossary....................................................................... 325

Appendix C. Cipher Suites............................................................... 335

REDLINE NETWORKS :: Command Line Reference |

REDLINE NETWORKS :: Command Line Reference

REDLINE NETWORKS :: Command Line Reference |

set admin tftp Options............................................................................................. 113

REDLINE NETWORKS :: Command Line Reference

Range of Simultaneous Connections ...................................................................... 184

REDLINE NETWORKS :: Command Line Reference |

show health remotehost Options............................................................................. 277

REDLINE NETWORKS :: Command Line Reference

Tips for Help on Commands

REDLINE NETWORKS :: Command Line Reference |

Notes on Set Commands

set server [ up | down ]

REDLINE NETWORKS :: Command Line Reference

Cluster, Redirector, and Forwarder Naming Conventions

REDLINE NETWORKS :: Command Line Reference |

Outlook Web Access

1.Not available on the T|X 2000 Web I/O Processor

Web Interface for Web I/O Accelerator

REDLINE NETWORKS :: Command Line Reference

REDLINE NETWORKS :: Command Line Reference |

REDLINE NETWORKS :: Command Line Reference

Chapter 2. Administrative Rights

REDLINE NETWORKS :: Command Line Reference |

Chapter 2. Administrative Rights

REDLINE NETWORKS :: Command Line Reference

Chapter 2. Administrative Rights

Security Administrator: secure_administrator

Changing and Resetting Passwords

REDLINE NETWORKS :: Command Line Reference |

Chapter 2. Administrative Rights

REDLINE NETWORKS :: Command Line Reference

Chapter 3. Command Reference

stallation and Administration Guide

stallation and Administration Guide

REDLINE NETWORKS :: Command Line Reference |

Chapter 3. Command Reference

Adds a named cache. The name can

Adds a new cluster. See Cluster,